# All services not started at computer start up



## lisanti (Jul 11, 2003)

Running Windows XP SP3, Firefox, Avast, and Comodo

I apologize in advance if this is in the wrong forum; I'm really not sure what the problem entails.

On Friday, the computer was fine. Yesterday, I turned it on to oversized type in the taskbar, no internet connection, and a notice that the IntelliType keyboard had crashed. I restarted the computer, to find the taskbar had disappeared. After some flailing around, I got to the Services to see that not one was running, although many are set to automatic. I clicked them one by one to start them (I started just about everything, just in case), and then all was well. I then ran Avast and found no problems, and Malwarebytes, which found:

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:61798 -> Quarantined and deleted successfully.

Files Detected: 1
C:\Program Files\eZip Wizard\freezip.exe (Trojan.Agent) -> Quarantined and deleted successfully.

After MBAM was done, I restarted the computer, only to find no services yet again. I clicked them all on again and went searching the 'net for advice, to find none that fit my problem. So here I am, at the source for good advice - how can I get my services back?

I keep the machine fairly clean, don't click on unknown attachments, dump the temp files regularly, and so on, but stuff does get through. I cannot remember any weird pop-ups, emails, or websites that showed up on Friday but I can't guarantee there weren't any. It's like something was clicked off somewhere in the computer and I didn't do the clicking. My main concern, I guess, is that XP has finally gotten corrupted.

The only things I haven't done yet are a boot scan and reinstalling XP; I will do them before getting into the HJT stuff if you think it worthwhile. As requested on the New Thread page, here's the TSG SysInfo:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz, x86 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 3326 Mb
Graphics Card: ATI Radeon HD 4300/4500 Series, 1024 Mb
Hard Drives: C: Total - 234974 MB, Free - 171379 MB; I: Total - 238464 MB, Free - 114658 MB;
Motherboard: Gigabyte Technology Co., Ltd., EP45-UD3L
Antivirus: avast! Antivirus, Updated: Yes, On-Demand Scanner: Enabled


Many thanks for any help you can give me.

Joan


----------



## flavallee (May 12, 2002)

Joan:

Go to Start - Run - *MSCONFIG* - OK - "Services" tab.

Uncheck "Hide all Microsoft services".

Make sure the ENTIRE list is checked.

Click Apply - OK - Restart.

Go to Start - Run - *SERVICES.MSC* - OK.

Expand the services window so you can see the list clearly.

If any entry has its "startup type" set on Disabled, double-click it to open its properties window.

Change its "startup type" to Manual, then click Apply - OK.

After you're all done, close the services window and then restart the computer.

Wait for it to completely settle down from the restart.

Do NOT open any windows or start any programs.

Go back into the services window.

If any entry with its "startup type" set on Manual shows a status of started, change its "startup type" to Automatic.

If any entry with its "startup type" set on Automatic does NOT show a status of started, change its "startup type" to Manual.

After you're all done, close the services window and then restart the computer.

----------------------------------------------------------
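
A read-only way to take the same inventory that the steps above gather by hand in the Services window, as an added example that is not part of the original thread. It assumes Windows PowerShell 2.0 or later is installed (an optional download on XP SP3, not something the thread mentions), and the snapshot file name is hypothetical.

```powershell
# Added example: read-only audit of service start type versus current status.
# It changes no service settings. It asks the Service Control Manager and the
# registry directly, so it does not depend on the WMI service being started.
param(
    # Hypothetical snapshot location, used to compare two runs across a restart.
    [string]$SnapshotPath = (Join-Path $env:TEMP 'services-snapshot.csv')
)

# Registry "Start" values for Win32 services: 2 = Automatic, 3 = Manual, 4 = Disabled.
$startNames = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$services = @(Get-Service | ForEach-Object {
    $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)"
    $start = (Get-ItemProperty -LiteralPath $key -Name Start -ErrorAction SilentlyContinue).Start
    New-Object PSObject -Property @{
        Name        = $_.Name
        DisplayName = $_.DisplayName
        StartType   = $startNames[[int]$start]
        Status      = $_.Status.ToString()
    }
} | Sort-Object Name)

function Show-Group([string]$Title, [object[]]$Items) {
    "{0}: {1}" -f $Title, $Items.Count
    if ($Items.Count -gt 0) {
        $Items | Format-Table Name, DisplayName, StartType, Status -AutoSize | Out-String
    }
}

# The three cases the manual walk-through looks for.
Show-Group 'Automatic but not started' @($services | Where-Object { $_.StartType -eq 'Automatic' -and $_.Status -ne 'Running' })
Show-Group 'Manual and started'        @($services | Where-Object { $_.StartType -eq 'Manual'    -and $_.Status -eq 'Running' })
Show-Group 'Disabled'                  @($services | Where-Object { $_.StartType -eq 'Disabled' })

# If an earlier snapshot exists (for example from before the restart), show what changed.
if (Test-Path $SnapshotPath) {
    $before = @(Import-Csv $SnapshotPath)
    if ($before.Count -gt 0 -and $services.Count -gt 0) {
        "Changes since the previous snapshot ('<=' is the old value, '=>' the new one):"
        Compare-Object $before $services -Property Name, StartType, Status |
            Sort-Object Name, SideIndicator |
            Format-Table Name, StartType, Status, SideIndicator -AutoSize | Out-String
    }
}

# Save the current state for the next comparison.
$services | Export-Csv -Path $SnapshotPath -NoTypeInformation
```

Running it once before a restart and once after the system has settled gives a side-by-side record of which Automatic services failed to start, which is useful to attach when asking for help.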


----------



## flavallee (May 12, 2002)

I don't know what your computer setup is for Windows XP, but only about 1/3 of the services need to be set on Automatic.

I personally don't believe in setting any services on Disabled because there's always the possibility that one or more of them may be needed.

-----------------------------------------------------------

I don't know what's installed in your computer and what's auto-starting and running in the background, so submitting a scan log with *HiJackThis 2.0.4* might be a good idea and give us some insight into your issues.

-----------------------------------------------------------


----------



## lisanti (Jul 11, 2003)

Flavalee-

Thank you for your response, and sorry for the delay in my response.
Going backwards, I agree that most things don't need to be on automatic, and I try to keep those to a minimum, before yesterday, anyway.

Anyhow- I followed your instructions. After each restart, I had no toolbar, and got the Intellitouch failure pop-up. Most services were still not started, whether manual or automatic. FWIW, the ones that were started were Cryptographic, Network Loc, Plug and Play, Remote Access Conn, RPC, SSDP, Telephony, and Workstation. This is an improvement from yesterday, when no services were started after a restart.

I did have a brain fart when I wrote my initial post and forgot to say that I tried to use System Restore to go back a couple of days, and was told that it couldn't do the restore; I don't know if that's important or not, but there it is.

What should I do next?


----------



## lisanti (Jul 11, 2003)

I'm sorry - I just saw the request for HJT. I will do it now.


----------



## dvk01 (Dec 14, 2002)

That sounds like either TDSS rootkit or ZeroAccess rootkit. There is no guarantee we can fix it but let's see what shows.
First clear your Java cache as shown http://www.java.com/en/download/help/5000020300.xml
Then follow advice *here* and post the logs those programs make in your next reply to this topic


----------



## flavallee (May 12, 2002)

Joan:

Follow *dvk01*'s instructions from here on.

I can jump back in later, if need be.

------------------------------------------------------------


----------



## lisanti (Jul 11, 2003)

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:01:41 PM, on 4/29/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe
C:\Program Files\DOWNLOADS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/network/install.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251605255921
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADDF28EC-FFEB-48F6-A471-B7D19A36D14D}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\sprtsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\tgsrvc.exe

--
End of file - 11694 bytes


----------



## lisanti (Jul 11, 2003)

OK Flavalee; thanks for your help!


----------



## flavallee (May 12, 2002)

lisanti said:


> OK Flavalee; thanks for your help!


You're welcome. 

The startup load needs trimming down, but that can wait until later.

----------------------------------------------------------


----------



## lisanti (Jul 11, 2003)

The DDS.txt file:

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Lisanti at 13:14:41 on 2012-04-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2416 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* 
.
============== Running Processes ===============
.
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\System32\vssvc.exe
svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboForm.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboForm.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [SansaDispatch] c:\documents and settings\lisanti\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboForm.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboForm.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboForm.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - hxxp://www.passalong.com/Music/install/network/install.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251605255921
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ADDF28EC-FFEB-48F6-A471-B7D19A36D14D} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{ADDF28EC-FFEB-48F6-A471-B7D19A36D14D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C692D3CB-922B-4F33-8FE4-612F4CF6DEC8} : DhcpNameServer = 192.168.1.1 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lisanti\application data\mozilla\firefox\profiles\mmf3mxwj.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61798
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\lisanti\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? IHA_MessageCenter;IHA_MessageCenter
R? MEMSWEEP2;MEMSWEEP2
R? SABKUTIL;SABKUTIL
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? cmdAgent;COMODO Internet Security Helper Service
S? cmdGuard;COMODO Internet Security Sandbox Driver
S? cmdHlp;COMODO Internet Security Helper Driver
S? sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm)
S? tgsrvc_verizondm;SupportSoft Repair Service (verizondm)
.
=============== Created Last 30 ================
.
2012-04-28 18:56:36	--------	d-----w-	c:\documents and settings\lisanti\application data\CasualMechanics
2012-04-26 16:26:11	--------	d-----w-	c:\documents and settings\all users\application data\DailyMagic
2012-04-25 00:32:03	--------	d-----w-	c:\documents and settings\lisanti\application data\4 Friends Games
2012-04-24 22:20:22	--------	d-----w-	c:\documents and settings\lisanti\application data\Silverback Productions
2012-04-24 22:14:37	--------	d-----w-	c:\documents and settings\lisanti\application data\Ghost Ship Studios
2012-04-24 21:28:22	--------	d-----w-	c:\documents and settings\all users\application data\10tons
2012-04-24 21:19:15	--------	d-----w-	c:\documents and settings\all users\application data\Fugazo
2012-04-11 23:41:09	--------	d-----w-	c:\documents and settings\lisanti\application data\Phantasmat_bf_se1
2012-04-11 18:51:36	--------	d-----w-	c:\documents and settings\lisanti\application data\PlayFavoriteGames
2012-04-11 18:28:21	--------	d-----w-	c:\documents and settings\lisanti\application data\My Games
2012-04-10 21:25:45	--------	d-----w-	c:\documents and settings\all users\TheFallTrilogy
2012-04-05 21:00:45	--------	d-----w-	c:\documents and settings\all users\application data\Princess Isabella CE
2012-04-05 20:54:10	--------	d-----w-	c:\documents and settings\lisanti\application data\GO Games
2012-04-05 20:52:07	--------	d-----w-	c:\documents and settings\lisanti\application data\SerpentOfIsis
2012-04-05 20:41:23	--------	d-----w-	c:\documents and settings\lisanti\application data\Funswitch
2012-04-05 20:26:18	--------	d-----w-	c:\documents and settings\lisanti\application data\Ten Heavens
2012-04-04 05:53:56	182160	----a-w-	c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-04-04 05:53:56	182160	----a-w-	c:\program files\internet explorer\plugins\nppdf32.dll
2012-04-03 20:53:20	--------	d-----w-	c:\documents and settings\lisanti\local settings\application data\Temp
.
==================== Find3M ====================
.
2012-04-04 19:56:40	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-30 12:50:15	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-30 12:50:15	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-03-06 23:15:19	41184	----a-w-	c:\windows\avastSS.scr
2012-03-06 23:03:51	612184	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-01 11:01:32	916992	----a-w-	c:\windows\system32\wininet.dll
2012-03-01 11:01:32	43520	------w-	c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16	177664	----a-w-	c:\windows\system32\wintrust.dll
2012-02-29 14:10:16	148480	----a-w-	c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40	385024	------w-	c:\windows\system32\html.iec
2012-02-23 17:44:05	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-02-23 17:44:04	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-03 09:22:18	1860096	----a-w-	c:\windows\system32\win32k.sys
2008-03-29 05:36:44	499200	-c--a-w-	c:\program files\USB_Disk_Eject.exe
2007-09-08 16:43:32	339456	-c--a-w-	c:\program files\MJsDiag.exe
.
============= FINISH: 13:19:21.78 ===============


----------



## lisanti (Jul 11, 2003)

I'll admit that I am, sometimes, an idiot - how do I zip the attach.txt file?

NEVER MIND. See below.


----------



## lisanti (Jul 11, 2003)

The dds attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/29/2009 11:46:34 PM
System Uptime: 4/29/2012 12:18:51 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3L
Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz | Socket 775 | 1600/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 229 GiB total, 167.264 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 233 GiB total, 111.971 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: PSC 1400 series
Device ID: USB\VID_03F0&PID_4D11&MI_00\6&18B83CE&1&0000
Manufacturer: 
Name: PSC 1400 series
PNP Device ID: USB\VID_03F0&PID_4D11&MI_00\6&18B83CE&1&0000
Service: 
.
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: HPPSC 1400 series
Device ID: USBPRINT\HPPSC_1400_SERIES\7&19577615&0&USB001
Manufacturer: 
Name: HPPSC 1400 series
PNP Device ID: USBPRINT\HPPSC_1400_SERIES\7&19577615&0&USB001
Service: 
.
==== System Restore Points ===================
.
RP741: 1/31/2012 6:58:02 AM - System Checkpoint
RP742: 2/1/2012 7:05:44 AM - System Checkpoint
RP743: 2/2/2012 7:47:00 AM - System Checkpoint
RP744: 2/3/2012 2:47:12 PM - System Checkpoint
RP745: 2/4/2012 5:53:03 PM - System Checkpoint
RP746: 2/5/2012 6:29:45 PM - System Checkpoint
RP747: 2/6/2012 6:58:43 PM - System Checkpoint
RP748: 2/7/2012 8:50:12 PM - System Checkpoint
RP749: 2/9/2012 7:42:59 AM - System Checkpoint
RP750: 2/10/2012 7:49:09 AM - System Checkpoint
RP751: 2/11/2012 9:53:20 AM - System Checkpoint
RP752: 2/12/2012 10:36:27 AM - System Checkpoint
RP753: 2/13/2012 4:05:26 PM - System Checkpoint
RP754: 2/15/2012 7:08:08 AM - System Checkpoint
RP755: 2/16/2012 7:46:50 AM - System Checkpoint
RP756: 2/16/2012 10:36:35 PM - Software Distribution Service 3.0
RP757: 2/18/2012 10:43:25 AM - System Checkpoint
RP758: 2/19/2012 11:17:05 AM - System Checkpoint
RP759: 2/20/2012 6:16:48 PM - System Checkpoint
RP760: 2/21/2012 6:24:41 PM - System Checkpoint
RP761: 2/22/2012 6:56:54 PM - System Checkpoint
RP762: 2/23/2012 12:43:21 PM - Removed Java(TM) 6 Update 20
RP763: 2/23/2012 12:43:56 PM - Installed Java(TM) 6 Update 31
RP764: 2/24/2012 6:15:12 PM - System Checkpoint
RP765: 2/26/2012 10:07:09 AM - System Checkpoint
RP766: 2/27/2012 3:09:21 PM - System Checkpoint
RP767: 2/28/2012 3:21:27 PM - System Checkpoint
RP768: 3/1/2012 8:02:30 AM - System Checkpoint
RP769: 3/2/2012 5:21:01 PM - System Checkpoint
RP770: 3/3/2012 5:43:20 PM - System Checkpoint
RP771: 3/4/2012 6:34:01 PM - System Checkpoint
RP772: 3/6/2012 6:57:48 AM - System Checkpoint
RP773: 3/7/2012 6:55:20 PM - System Checkpoint
RP774: 3/7/2012 10:58:34 PM - Software Distribution Service 3.0
RP775: 3/8/2012 11:11:27 PM - Software Distribution Service 3.0
RP776: 3/10/2012 11:26:57 AM - System Checkpoint
RP777: 3/11/2012 6:27:16 PM - System Checkpoint
RP778: 3/13/2012 8:18:00 AM - System Checkpoint
RP779: 3/14/2012 4:43:36 PM - System Checkpoint
RP780: 3/14/2012 10:45:25 PM - Software Distribution Service 3.0
RP781: 3/16/2012 11:19:49 AM - System Checkpoint
RP782: 3/17/2012 6:08:57 PM - System Checkpoint
RP783: 3/18/2012 7:23:39 PM - System Checkpoint
RP784: 3/20/2012 7:04:56 AM - System Checkpoint
RP785: 3/21/2012 7:06:45 AM - System Checkpoint
RP786: 3/22/2012 7:45:44 AM - System Checkpoint
RP787: 3/23/2012 3:30:04 PM - System Checkpoint
RP788: 3/24/2012 6:37:52 PM - System Checkpoint
RP789: 3/26/2012 7:46:32 AM - System Checkpoint
RP790: 3/27/2012 3:32:58 PM - System Checkpoint
RP791: 3/28/2012 5:58:43 PM - System Checkpoint
RP792: 3/30/2012 7:57:54 AM - System Checkpoint
RP793: 3/31/2012 11:34:14 AM - System Checkpoint
RP794: 4/1/2012 12:09:02 PM - System Checkpoint
RP795: 4/2/2012 3:03:08 PM - System Checkpoint
RP796: 4/4/2012 7:14:59 AM - System Checkpoint
RP797: 4/5/2012 7:55:07 AM - System Checkpoint
RP798: 4/6/2012 11:30:29 AM - System Checkpoint
RP799: 4/7/2012 6:07:24 PM - System Checkpoint
RP800: 4/8/2012 6:52:50 PM - System Checkpoint
RP801: 4/10/2012 7:16:20 AM - System Checkpoint
RP802: 4/11/2012 5:43:31 PM - System Checkpoint
RP803: 4/12/2012 10:11:01 PM - Software Distribution Service 3.0
RP804: 4/14/2012 10:52:42 AM - System Checkpoint
RP805: 4/15/2012 12:06:01 PM - System Checkpoint
RP806: 4/16/2012 3:08:13 PM - System Checkpoint
RP807: 4/18/2012 7:13:08 AM - System Checkpoint
RP808: 4/19/2012 7:53:27 AM - System Checkpoint
RP809: 4/20/2012 8:56:34 AM - System Checkpoint
RP810: 4/21/2012 9:47:36 AM - System Checkpoint
RP811: 4/23/2012 7:00:44 PM - System Checkpoint
RP812: 4/25/2012 11:10:36 AM - System Checkpoint
RP813: 4/26/2012 6:32:22 PM - System Checkpoint
RP814: 4/28/2012 10:50:01 PM - Restore Operation
RP815: 4/28/2012 10:53:26 PM - Restore Operation
RP816: 4/29/2012 11:55:33 AM - Unsigned driver install
.
==== Installed Programs ======================
.
10 Talismans
1400
1400_Help
1400Trb
2007 Microsoft Office Suite Service Pack 1 (SP1)
9: The Dark Side Collector's Edition
Abandoned: Chestnut Lodge Asylum
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
AiO_Scan
AiOSoftware
Amazon MP3 Downloader 1.0.15
Amulet of Time: Shadow of la Rochelle
Antique Mysteries: Secrets of Howard's Mansion
Apple Application Support
Apple Software Update
ASAP Utilities
ATI AVIVO Codecs
ATI Catalyst Install Manager
ATI Display Driver
ATI Problem Report Wizard
avast! Free Antivirus
Avery Wizard 3.1
Azkend
Azkend 2: The World Beneath
Big Fish Games: Game Manager
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Classical CD Collection
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Critical Mass Deluxe
Cubis Gold 2
Cursed House
Dark Dimensions: City of Fog
Dark Dimensions: Wax Beauty Collector's Edition
Dark Parables: Curse of Briar Rose
Dark Parables: Rise of the Snow Queen
Dark Parables: The Exiled Prince
Dark Tales:  Edgar Allan Poe's The Black Cat
dBpoweramp CD Writer
dBpoweramp Music Converter
dBpoweramp Windows Media Audio 10 Codec
Dell System Restore
Destinations
DeviceManagementQFolder
Diamond Mine 1.5sw
Digital Line Detect
DocProc
Echoes of the Past: Royal House of Stone
Echoes of the Past: The Castle of Shadows
Echoes of the Past: The Citadels of Time
Electra
Elixir of Immortality
Empress of the Deep: The Darkest Secret
Enchanted Cavern
Enchanted Cavern 2
Enigmatis: The Ghosts of Maple Creek Collector's Edition
erLT
eSupportQFolder
eZip Wizard
Fax
Fiction Fixers: The Curse of OZ
Finale NotePad 2008
GameHouse
GoodSync
Google Update Helper
Gravely Silent: House of Deadlock
Grim Facade: Mystery of Venice
GS-Base 7.1
GS-Calc 7.4
Guardians of Beyond: Witchville
Hallowed Legends: Templar Collector's Edition
Haunted Legends: The Bronze Horseman
Haunted Legends: The Queen of Spades Collector's Edition
Hello Venice
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP Product Assistant
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
IceBreaker
IHA_MessageCenter
Intel(R) PRO Network Connections Drivers
Internet Service Offers Launcher
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 3
Java(TM) 6 Update 31
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Jewel Quest
Jewel Quest 3
Jewel Quest Heritage
Jewel Quest II
Jewel Quest: The Sapphire Dragon
Jewel Quest: The Sleepless Star
Kyodai Mahjongg 2006 v1.42
Living Legends: Ice Rose
Lost in Reefs
Macabre Mysteries: Curse of the Nightingale
Maestro: Music of Death
Maestro: Notes of Life
Magic Vines™
Malwarebytes Anti-Malware version 1.61.0.1400
MaxBlast 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 7.1
Microsoft IntelliType Pro 7.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Diagnostic Tool
Move Media Player
Mozilla Firefox 11.0 (x86 en-US)
Mozilla Thunderbird 12.0 (x86 en-US)
Mp3tag v2.47b
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Mystery of the Ancients: Lockwood Manor
Mystery Trackers: Black Isle Collector's Edition
Mystery Trackers: Raincliff Collector's Edition
Mystery Trackers: The Void Collector's Edition
NetWaiting
NewCopy
Paint.NET v3.5.8
PowerDVD
Pretty Good Solitaire version 12.0.0
Princess Isabella: A Witch's Curse
Princess Isabella: Return of the Curse
ProductContext
QBeez 2
QuickTime
Quilt-Pro Version 6
Readme
Realtek High Definition Audio Driver
RoboForm 7-7-0 (All Users)
Sansa Updater
Scan
ScannerCopy
SearchAssist
Secrets of the Dark: Temple of Night Collector's Edition
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shades of Death: Royal Blood
Shiver: Poltergeist Collector's Edition
Shiver: Vanishing Hitchhiker Collector's Edition
Skins
SolutionCenter
Sonic Activation Module
Sophos Anti-Rootkit 1.5.4
Spell Checker For OE 2.1
Spirits of Mystery: Amber Maiden
Status
Super Glinx!
Super Nisqually
Super TextTwist
swMSM
The Agency of Anomalies: Cinderstone Orphanage
The Agency of Anomalies: Mystic Hospital
Time Mysteries: Inheritance
Time Mysteries: The Ancient Spectres
Timeless: The Forgotten Town
TrayApp
Treasure Seekers: Follow the Ghosts
Treasure Seekers: The Enchanted Canvases
Treasure Seekers: The Time Has Come
Treasure Seekers: Visions of Gold 
Trijinx
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Download Manager
Verizon Help and Support Tool
Verizon Online DSL
Vopt 9
Vz In Home Agent
WeatherBug
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Witches' Legacy: The Charleston Curse Collector's Edition
Zenerchi
.
==== Event Viewer Messages From Past Week ========
.
4/29/2012 12:33:43 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: Access is denied.
4/29/2012 12:31:27 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: Access is denied.
4/29/2012 12:28:52 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 12:28:52 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: Access is denied.
4/29/2012 12:28:52 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
4/29/2012 11:58:15 AM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: Access is denied.
4/29/2012 11:58:14 AM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/28/2012 9:45:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor SABKUTIL
4/28/2012 9:45:24 PM, error: Service Control Manager [7001] - The COM+ System Application service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 9:45:24 PM, error: Service Control Manager [7001] - The Alerter service depends on the Workstation service which failed to start because of the following error: Access is denied.
4/28/2012 3:11:20 PM, error: Service Control Manager [7000] - The Portable Media Serial Number Service service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
4/28/2012 3:10:08 PM, error: Service Control Manager [7001] - The Network DDE service depends on the Network DDE DSDM service which failed to start because of the following error: Access is denied.
4/28/2012 3:10:08 PM, error: Service Control Manager [7000] - The Network DDE DSDM service failed to start due to the following error: Access is denied.
4/28/2012 3:10:08 PM, error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: Access is denied.
4/28/2012 12:06:00 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
4/28/2012 12:05:54 PM, error: Removable Storage Service [15] - RSM cannot manage library CdRom0. The database is corrupt.
4/28/2012 12:02:57 PM, error: Service Control Manager [7001] - The Network DDE service depends on the Network DDE DSDM service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/28/2012 12:01:37 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
4/28/2012 11:59:33 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
4/28/2012 11:59:33 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
4/28/2012 11:59:33 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for <null> with the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Wireless Zero Configuration service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Windows Driver Foundation - User-mode Driver Framework service depends on the Plug and Play service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Windows Audio service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Terminal Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Telephony service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Task Scheduler service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The System Restore Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Security Accounts Manager service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Remote Procedure Call (RPC) Locator service depends on the Workstation service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Protected Storage service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Print Spooler service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Network Connections service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The HID Input Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Help and Support service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Google Update Service (gupdate) service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Distributed Link Tracking Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The COMODO Internet Security Helper Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The COM+ Event System service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7001] - The avast! Antivirus service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The WebClient service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The SupportSoft Sprocket Service (verizondm) service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The SupportSoft Repair Service (verizondm) service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The SSDP Discovery Service service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The Server service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The Remote Procedure Call (RPC) service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The Plug and Play service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The IHA_MessageCenter service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The Event Log service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The DNS Client service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The DCOM Server Process Launcher service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: Access is denied.
4/28/2012 11:59:33 AM, error: Service Control Manager [7000] - The Ati HotKey Poller service failed to start due to the following error: Access is denied.
4/28/2012 10:03:55 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
4/27/2012 8:06:00 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: Access is denied.
4/27/2012 8:06:00 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
4/27/2012 11:59:32 AM, error: Service Control Manager [7000] - The Office Source Engine service failed to start due to the following error: Access is denied.
.
==== End Of File ===========================


----------



## dvk01 (Dec 14, 2002)

Lots of errors there.
It might be a rootkit. You do have some signs of malware there, so next step:
Run TDSSKiller from http://support.kaspersky.com/viruses/solutions?qid=208280684

Let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) and then reboot.

Post back with its log.

By default, the utility writes the log to the root folder of the system disk (usually the disk with the operating system installed, C:\).
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt


----------



## lisanti (Jul 11, 2003)

dvk01-
The GMER scan is still running and it's been well over two hours. Should I let it keep going?

Joan


----------



## lisanti (Jul 11, 2003)

I have tried three times to post the GMER log and it won't go. I'm going to try to post it in two parts.

Make that 5 parts.


----------



## lisanti (Jul 11, 2003)

GMER part 1:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-29 17:18:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16 ST3250310AS rev.3.ADA
Running: 98ldo7f7.exe; Driver: C:\DOCUME~1\Lisanti\LOCALS~1\Temp\awryapod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xADF7FDF8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAE20C8B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAE00CA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xADF8085E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xADFACD5D]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xAE20BE48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xADF852E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xADF85330]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAE20C518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xADF85422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xADFAC711]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xADF85252]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xAE20BD28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xADF85374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xADF8529A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xAE20F568]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xAE20B714]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xADF853DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xADF7FE44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xADFAD423]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xADFAD6D9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xADF829A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xADFAD28E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xADFAD0F9]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAE00CB34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xADF7FAD6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xAE20C110]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xADF7FE90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xADF82D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xADF80B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xADF8530E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xADF85352]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xAE20C6F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xADF85446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xADFACA6D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xADF85278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xADF82518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xADF853AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xADF852C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xADF8274C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xADF85400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAE00CCA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xADFACF74]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xAE20E11C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xADF809CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xADFACDC6]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAE016B68]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xAE20E68C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xADFABD84]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xAE20E940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xADF7FEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xADF7FF28]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xAE20CEEE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xADF7FB46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xADF7FCEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xADFAD52A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xADF7FC92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xADF7FD5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xAE00CD60]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xAE20B918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xADF7FF74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xAE00CBE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAE022D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C70 8050450C 16 Bytes [E4, 52, F8, AD, 30, 53, F8, ...] {IN AL, 0x52; CLC ; LODSD ; XOR [EBX-0x8], DL; LODSD ; SBB CH, AL; AND [ESI-0x5207abde], CH}
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 20 Bytes [74, 53, F8, AD, 9A, 52, F8, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 16 Bytes [0E, 53, F8, AD, 52, 53, F8, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F2C 805047C8 12 Bytes [40, E9, 20, AE, DC, FE, F7, ...] {INC EAX; JMP 0xfffffffffedcae26; IMUL DWORD [EBP-0x520800d8]}
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL ADF8119F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP AE01FC8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP AE02174C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP AE022D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF5D0D000, 0x29C9F0, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP ADF84180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C84E 5 Bytes JMP ADF8407C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP ADF84036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C550 5 Bytes JMP ADF83724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240C0 5 Bytes JMP ADF82F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A2A 5 Bytes JMP ADF842EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831475 5 Bytes JMP ADF844F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF839EB3 5 Bytes JMP ADF83F3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851745 5 Bytes JMP ADF82E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC6A 5 Bytes JMP ADF837E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2D4 5 Bytes JMP ADF83384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E35F 5 Bytes JMP ADF83562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5D2 5 Bytes JMP ADF82E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649A1 5 Bytes JMP ADF840BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873CF0 5 Bytes JMP ADF8351C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890FA2 5 Bytes JMP ADF837FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89454D 5 Bytes JMP ADF84232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895025 5 Bytes JMP ADF84450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3857 BF89C3CB 5 Bytes JMP ADF8370C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89D960 5 Bytes JMP ADF82FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C1EE0 5 Bytes JMP ADF83104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA342 5 Bytes JMP ADF831AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA5C2 5 Bytes JMP ADF832E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngDeleteSemaphore + 3B3E BF8EC017 5 Bytes JMP ADF82D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB3D BF8F5016 5 Bytes JMP ADF8373C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF913566 5 Bytes JMP ADF82F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF91413A 5 Bytes JMP ADF830B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF916AB3 5 Bytes JMP ADF8367C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1940 BF946632 5 Bytes JMP ADF843A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\Lisanti\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !


----------



## lisanti (Jul 11, 2003)

GMER Part 2:

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!LdrLoadDll  7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\system32\svchost.exe[336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\system32\svchost.exe[336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\svchost.exe[336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\svchost.exe[336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\svchost.exe[336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\svchost.exe[336] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[336] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[336] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\smss.exe[704] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[720] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[720] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[720] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[720] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[720] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[720] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[720] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[720] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[720] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[720] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\csrss.exe[760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[760] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8 
.text C:\WINDOWS\system32\winlogon.exe[800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC 
.text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[800] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\system32\winlogon.exe[800] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\system32\winlogon.exe[800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\system32\winlogon.exe[800] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\system32\winlogon.exe[800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\system32\winlogon.exe[800] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\winlogon.exe[800] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\winlogon.exe[800] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\winlogon.exe[800] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\services.exe[844] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[844] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10028AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[844] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 10028860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[844] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 


----------



## lisanti (Jul 11, 2003)

GMER Part 3:

.text C:\Program Files\DOWNLOADS\98ldo7f7.exe[1520] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ntdll.dll!LdrUnloadDll  7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\SOUNDMAN.EXE[1580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A6CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A75680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00A6CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A726F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A73280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00A71220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00A71B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00A7DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00A7E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 00A7E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0074CB10 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A9CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00AA5680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00A9CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AA26F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AA3280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00AA1220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00AA1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00AADF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00AAE410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 00AAE1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ntdll.dll!NtClose 7C90CFEE 3 Bytes JMP 0091CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ntdll.dll!NtClose + 4 7C90CFF2 1 Byte [84]
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ntdll.dll!LdrLoadDll 7C91632D 3 Bytes JMP 00925680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ntdll.dll!LdrLoadDll + 4 7C916331 1 Byte [84]
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ntdll.dll!LdrUnloadDll 7C9171CD 3 Bytes JMP 0091CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ntdll.dll!LdrUnloadDll + 4 7C9171D1 1 Byte [84]
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00923280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0092DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0092E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 0092E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00921220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00921B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0098CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00995680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0098CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009926F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00993280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0099DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00991220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00991B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 
.text C:\WINDOWS\System32\vssvc.exe[1920] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\vssvc.exe[1920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\vssvc.exe[1920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\vssvc.exe[1920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\vssvc.exe[1920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\vssvc.exe[1920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\vssvc.exe[1920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\vssvc.exe[1920] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\vssvc.exe[1920] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\System32\vssvc.exe[1920] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600 
.text C:\WINDOWS\System32\vssvc.exe[1920] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\System32\vssvc.exe[1920] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\System32\vssvc.exe[1920] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\vssvc.exe[1920] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\vssvc.exe[1920] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\vssvc.exe[1920] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 
.text C:\WINDOWS\System32\vssvc.exe[1920] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 
.text C:\WINDOWS\System32\vssvc.exe[1920] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\System32\vssvc.exe[1920] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C 
.text C:\WINDOWS\System32\vssvc.exe[1920] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 
.text C:\WINDOWS\System32\vssvc.exe[1920] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\System32\vssvc.exe[1920] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\System32\vssvc.exe[1920] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 
.text C:\WINDOWS\System32\vssvc.exe[1920] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\vssvc.exe[1920] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC 
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C 
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC 
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1924] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C 
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC 
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804 
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08 
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600 
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8 
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC 
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe[1968] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\msdtc.exe[2172] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\msdtc.exe[2172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\msdtc.exe[2172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\msdtc.exe[2172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\msdtc.exe[2172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\msdtc.exe[2172] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\msdtc.exe[2172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\msdtc.exe[2172] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\msdtc.exe[2172] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\msdtc.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\system32\msdtc.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\system32\msdtc.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\system32\msdtc.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\system32\msdtc.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\system32\msdtc.exe[2172] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\system32\msdtc.exe[2172] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\system32\msdtc.exe[2172] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\system32\msdtc.exe[2172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\system32\msdtc.exe[2172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\msdtc.exe[2172] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\msdtc.exe[2172] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\msdtc.exe[2172] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\msdtc.exe[2172] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\msdtc.exe[2172] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\msdtc.exe[2172] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2272] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\system32\svchost.exe[2272] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\system32\svchost.exe[2272] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\svchost.exe[2272] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\svchost.exe[2272] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\svchost.exe[2272] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\svchost.exe[2272] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2272] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2272] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2352] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2444] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2444] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2444] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2444] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2444] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2444] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2444] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[2444] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\System32\svchost.exe[2444] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\System32\svchost.exe[2444] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\System32\svchost.exe[2444] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\System32\svchost.exe[2444] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\System32\svchost.exe[2444] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\System32\svchost.exe[2444] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\System32\svchost.exe[2444] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\System32\svchost.exe[2444] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\System32\svchost.exe[2444] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\System32\svchost.exe[2444] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\System32\svchost.exe[2444] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\System32\svchost.exe[2444] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2444] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2444] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\System32\svchost.exe[2676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\System32\svchost.exe[2676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\System32\svchost.exe[2676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\System32\svchost.exe[2676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\System32\svchost.exe[2676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\System32\svchost.exe[2676] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2676] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2676] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\locator.exe[2804] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\locator.exe[2804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\locator.exe[2804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\locator.exe[2804] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\locator.exe[2804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\locator.exe[2804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\locator.exe[2804] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\locator.exe[2804] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\locator.exe[2804] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\locator.exe[2804] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\system32\locator.exe[2804] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\system32\locator.exe[2804] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\system32\locator.exe[2804] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\system32\locator.exe[2804] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\system32\locator.exe[2804] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\system32\locator.exe[2804] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\system32\locator.exe[2804] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\system32\locator.exe[2804] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\locator.exe[2804] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\locator.exe[2804] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\locator.exe[2804] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\locator.exe[2804] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\locator.exe[2804] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\locator.exe[2804] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\locator.exe[2804] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC 
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C 
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC 
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2932] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3008] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3008] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3008] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\system32\svchost.exe[3008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\system32\svchost.exe[3008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\system32\svchost.exe[3008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\system32\svchost.exe[3008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\system32\svchost.exe[3008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\system32\svchost.exe[3008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\system32\svchost.exe[3008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\system32\svchost.exe[3008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\system32\svchost.exe[3008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\svchost.exe[3008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\svchost.exe[3008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\svchost.exe[3008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\svchost.exe[3008] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3008] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3008] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\system32\svchost.exe[3452] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\system32\svchost.exe[3452] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\svchost.exe[3452] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\svchost.exe[3452] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\svchost.exe[3452] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\svchost.exe[3452] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005190B0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00531040 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC 
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC 
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014 
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804 
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08 
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10 
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8 
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC 
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600 
.text C:\WINDOWS\system32\svchost.exe[3912] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3912] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3912] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3912] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3912] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\system32\svchost.exe[3912] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\system32\svchost.exe[3912] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\system32\svchost.exe[3912] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\system32\svchost.exe[3912] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\system32\svchost.exe[3912] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\system32\svchost.exe[3912] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\system32\svchost.exe[3912] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\system32\svchost.exe[3912] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\system32\svchost.exe[3912] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\svchost.exe[3912] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\svchost.exe[3912] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\svchost.exe[3912] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\svchost.exe[3912] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3912] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3912] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\dmadmin.exe[3948] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\dmadmin.exe[3948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\dmadmin.exe[3948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\dmadmin.exe[3948] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\dmadmin.exe[3948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\dmadmin.exe[3948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\dmadmin.exe[3948] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\dmadmin.exe[3948] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\dmadmin.exe[3948] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\dmadmin.exe[3948] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 
.text C:\WINDOWS\System32\dmadmin.exe[3948] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 
.text C:\WINDOWS\System32\dmadmin.exe[3948] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\System32\dmadmin.exe[3948] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C 
.text C:\WINDOWS\System32\dmadmin.exe[3948] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 
.text C:\WINDOWS\System32\dmadmin.exe[3948] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\System32\dmadmin.exe[3948] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\System32\dmadmin.exe[3948] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 
.text C:\WINDOWS\System32\dmadmin.exe[3948] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804 
.text C:\WINDOWS\System32\dmadmin.exe[3948] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08 
.text C:\WINDOWS\System32\dmadmin.exe[3948] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600 
.text C:\WINDOWS\System32\dmadmin.exe[3948] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8 
.text C:\WINDOWS\System32\dmadmin.exe[3948] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC 
.text C:\WINDOWS\System32\dmadmin.exe[3948] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\dmadmin.exe[3948] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\dmadmin.exe[3948] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC 
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C 
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC 
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[4012] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[4052] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[4052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[4052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[4052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[4052] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[4052] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[4052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[4052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804 
.text C:\WINDOWS\system32\wscntfy.exe[4052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08 
.text C:\WINDOWS\system32\wscntfy.exe[4052] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600 
.text C:\WINDOWS\system32\wscntfy.exe[4052] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8 
.text C:\WINDOWS\system32\wscntfy.exe[4052] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC 
.text C:\WINDOWS\system32\wscntfy.exe[4052] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[4052] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[4052] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[4052] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014 
.text C:\WINDOWS\system32\wscntfy.exe[4052] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804 
.text C:\WINDOWS\system32\wscntfy.exe[4052] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08 
.text C:\WINDOWS\system32\wscntfy.exe[4052] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C 
.text C:\WINDOWS\system32\wscntfy.exe[4052] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10 
.text C:\WINDOWS\system32\wscntfy.exe[4052] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8 
.text C:\WINDOWS\system32\wscntfy.exe[4052] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC 
.text C:\WINDOWS\system32\wscntfy.exe[4052] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\wscntfy.exe[4052] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[4052] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[4128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[4128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804 
.text C:\WINDOWS\System32\alg.exe[4128] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\System32\alg.exe[4128] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600 
.text C:\WINDOWS\System32\alg.exe[4128] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\System32\alg.exe[4128] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\System32\alg.exe[4128] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C 
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 
.text C:\WINDOWS\System32\alg.exe[4128] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[4212] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[4212] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\system32\dllhost.exe[4212] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\system32\dllhost.exe[4212] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\dllhost.exe[4212] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\dllhost.exe[4212] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\dllhost.exe[4212] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\dllhost.exe[4212] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[4308] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[4308] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\system32\dllhost.exe[4308] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\system32\dllhost.exe[4308] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\dllhost.exe[4308] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\dllhost.exe[4308] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\dllhost.exe[4308] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\dllhost.exe[4308] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\explorer.exe[4988] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C 
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 
.text C:\WINDOWS\explorer.exe[4988] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804 
.text C:\WINDOWS\explorer.exe[4988] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08 
.text C:\WINDOWS\explorer.exe[4988] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600 
.text C:\WINDOWS\explorer.exe[4988] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8 
.text C:\WINDOWS\explorer.exe[4988] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC 
.text C:\WINDOWS\explorer.exe[4988] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[5768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[5768] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C 
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\wuauclt.exe[5768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804 
.text C:\WINDOWS\system32\wuauclt.exe[5768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08 
.text C:\WINDOWS\system32\wuauclt.exe[5768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600 
.text C:\WINDOWS\system32\wuauclt.exe[5768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8 
.text C:\WINDOWS\system32\wuauclt.exe[5768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC 
.text C:\WINDOWS\system32\wuauclt.exe[5768] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----


----------



## lisanti (Jul 11, 2003)

GMER Part 3:

.text C:\Program Files\DOWNLOADS\98ldo7f7.exe[1520] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\SOUNDMAN.EXE[1580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[1580] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1588] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1604] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A6CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A75680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00A6CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A726F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A73280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00A71220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00A71B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC 
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00A7DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00A7E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1620] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 00A7E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1640] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Verizon\McciTrayApp.exe[1652] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0074CB10 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600 
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1664] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!ChangeServiceConfigW  77E37001 5 Bytes JMP 003A0A08 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1676] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC 
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1692] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC 
.text C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe[1708] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1744] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A9CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00AA5680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00A9CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AA26F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AA3280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00AA1220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00AA1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC 
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00AADF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00AAE410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AWS\WeatherBug\Weather.exe[1752] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 00AAE1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC 
.text C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe[1768] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ntdll.dll!NtClose 7C90CFEE 3 Bytes JMP 0091CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ntdll.dll!NtClose + 4 7C90CFF2 1 Byte [84]
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ntdll.dll!LdrLoadDll 7C91632D 3 Bytes JMP 00925680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ntdll.dll!LdrLoadDll + 4 7C916331 1 Byte [84]
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ntdll.dll!LdrUnloadDll 7C9171CD 3 Bytes JMP 0091CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ntdll.dll!LdrUnloadDll + 4 7C9171D1 1 Byte [84]
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00923280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0092DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ole32.dll!CoCreateInstanceEx  774FF164 5 Bytes JMP 0092E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 0092E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00921220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00921B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC 
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1780] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0098CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00995680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0098CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009926F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00993280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0099DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00991220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00991B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC 
.text C:\Program Files\Digital Line Detect\DLG.exe[1896] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 
.text C:\WINDOWS\System32\vssvc.exe[1920] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\vssvc.exe[1920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\vssvc.exe[1920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\vssvc.exe[1920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\vssvc.exe[1920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\vssvc.exe[1920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\vssvc.exe[1920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]


----------



## lisanti (Jul 11, 2003)

GMER part 4:

.text C:\WINDOWS\system32\svchost.exe[3008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\svchost.exe[3008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\svchost.exe[3008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\svchost.exe[3008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\svchost.exe[3008] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3008] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3008] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3140] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3368] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!CreateProcessAsUserW  77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC 
.text C:\Program Files\Java\jre6\bin\jqs.exe[3400] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\system32\svchost.exe[3452] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\system32\svchost.exe[3452] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\system32\svchost.exe[3452] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\svchost.exe[3452] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\svchost.exe[3452] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\svchost.exe[3452] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\svchost.exe[3452] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3452] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 
.text  C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC 
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3676] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005190B0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00531040 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[3764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]


----------



## lisanti (Jul 11, 2003)

GMER Part 5:

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC 
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[4092] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[4128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] kernel32.dll!GetBinaryTypeW + 80  7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[4128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804 
.text C:\WINDOWS\System32\alg.exe[4128] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\System32\alg.exe[4128] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600 
.text C:\WINDOWS\System32\alg.exe[4128] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\System32\alg.exe[4128] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\System32\alg.exe[4128] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C 
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\System32\alg.exe[4128] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 
.text C:\WINDOWS\System32\alg.exe[4128] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[4128] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC12.exe[4180] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[4212] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[4212] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!ChangeServiceConfigW  77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\system32\dllhost.exe[4212] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\system32\dllhost.exe[4212] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\system32\dllhost.exe[4212] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\dllhost.exe[4212] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\dllhost.exe[4212] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\dllhost.exe[4212] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\dllhost.exe[4212] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[4308] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[4308] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C 
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC 
.text C:\WINDOWS\system32\dllhost.exe[4308] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 
.text C:\WINDOWS\system32\dllhost.exe[4308] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 
.text C:\WINDOWS\system32\dllhost.exe[4308] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\dllhost.exe[4308] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\dllhost.exe[4308] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\dllhost.exe[4308] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\dllhost.exe[4308] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\explorer.exe[4988] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C 
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\explorer.exe[4988] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 
.text C:\WINDOWS\explorer.exe[4988] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804 
.text C:\WINDOWS\explorer.exe[4988] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08 
.text C:\WINDOWS\explorer.exe[4988] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600 
.text C:\WINDOWS\explorer.exe[4988] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8 
.text C:\WINDOWS\explorer.exe[4988] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC 
.text C:\WINDOWS\explorer.exe[4988] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[4988] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[5768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[5768] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!ChangeServiceConfig2A  77E37101 5 Bytes JMP 002C0C0C 
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC 
.text C:\WINDOWS\system32\wuauclt.exe[5768] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 
.text C:\WINDOWS\system32\wuauclt.exe[5768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804 
.text C:\WINDOWS\system32\wuauclt.exe[5768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08 
.text C:\WINDOWS\system32\wuauclt.exe[5768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600 
.text C:\WINDOWS\system32\wuauclt.exe[5768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8 
.text C:\WINDOWS\system32\wuauclt.exe[5768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC 
.text C:\WINDOWS\system32\wuauclt.exe[5768] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----


----------



## lisanti (Jul 11, 2003)

Here's the log for TDSS Killer; it didn't find anything.

17:37:26.0859 4112	cbidf - ok
17:37:26.0859 4112	cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:37:26.0859 4112	cbidf2k - ok
17:37:26.0875 4112	cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:37:26.0875 4112	cd20xrnt - ok
17:37:26.0906 4112	Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:37:26.0906 4112	Cdaudio - ok
17:37:26.0921 4112	Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:37:26.0921 4112	Cdfs - ok
17:37:26.0968 4112	Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:37:26.0984 4112	Cdrom - ok
17:37:27.0015 4112	cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
17:37:27.0015 4112	cercsr6 - ok
17:37:27.0015 4112	Changer - ok
17:37:27.0062 4112	CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:37:27.0062 4112	CiSvc - ok
17:37:27.0078 4112	ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:37:27.0093 4112	ClipSrv - ok
17:37:27.0203 4112	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:37:27.0203 4112	clr_optimization_v2.0.50727_32 - ok
17:37:27.0343 4112	cmdAgent (43f37e8f60f3677e84c6afc70c784afd) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
17:37:27.0359 4112	cmdAgent - ok
17:37:27.0484 4112	cmdGuard (251f906328af49e7927a1ad12b543a2f) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
17:37:27.0484 4112	cmdGuard - ok
17:37:27.0500 4112	cmdHlp (207f06d08afcdd3bbc801eab1a845cfb) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
17:37:27.0500 4112	cmdHlp - ok
17:37:27.0531 4112	CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:37:27.0531 4112	CmdIde - ok
17:37:27.0531 4112	COMSysApp - ok
17:37:27.0562 4112	Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:37:27.0578 4112	Cpqarray - ok
17:37:27.0609 4112	CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:37:27.0609 4112	CryptSvc - ok
17:37:27.0656 4112	dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:37:27.0656 4112	dac2w2k - ok
17:37:27.0687 4112	dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:37:27.0703 4112	dac960nt - ok
17:37:27.0750 4112	DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:37:27.0765 4112	DcomLaunch - ok
17:37:27.0796 4112	Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:37:27.0812 4112	Dhcp - ok
17:37:27.0828 4112	Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:37:27.0828 4112	Disk - ok
17:37:27.0828 4112	dmadmin - ok
17:37:27.0890 4112	dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:37:27.0890 4112	dmboot - ok
17:37:27.0921 4112	dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:37:27.0921 4112	dmio - ok
17:37:27.0953 4112	dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:37:27.0953 4112	dmload - ok
17:37:27.0968 4112	dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:37:27.0968 4112	dmserver - ok
17:37:28.0000 4112	DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:37:28.0000 4112	DMusic - ok
17:37:28.0062 4112	Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:37:28.0062 4112	Dnscache - ok
17:37:28.0109 4112	Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:37:28.0109 4112	Dot3svc - ok
17:37:28.0140 4112	dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:37:28.0140 4112	dpti2o - ok
17:37:28.0171 4112	drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:37:28.0171 4112	drmkaud - ok
17:37:28.0203 4112	E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:37:28.0203 4112	E100B - ok
17:37:28.0234 4112	e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
17:37:28.0234 4112	e1express - ok
17:37:28.0250 4112	EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:37:28.0250 4112	EapHost - ok
17:37:28.0296 4112	ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:37:28.0296 4112	ERSvc - ok
17:37:28.0343 4112	Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:37:28.0359 4112	Eventlog - ok
17:37:28.0390 4112	EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:37:28.0390 4112	EventSystem - ok
17:37:28.0421 4112	Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:37:28.0421 4112	Fastfat - ok
17:37:28.0468 4112	FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:37:28.0484 4112	FastUserSwitchingCompatibility - ok
17:37:28.0531 4112	Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
17:37:28.0531 4112	Fax - ok
17:37:28.0578 4112	Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:37:28.0578 4112	Fdc - ok
17:37:28.0593 4112	Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:37:28.0593 4112	Fips - ok
17:37:28.0609 4112	Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:37:28.0609 4112	Flpydisk - ok
17:37:28.0656 4112	FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:37:28.0671 4112	FltMgr - ok
17:37:28.0781 4112	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:37:28.0796 4112	FontCache3.0.0.0 - ok
17:37:28.0796 4112	Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:37:28.0796 4112	Fs_Rec - ok
17:37:28.0812 4112	Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:37:28.0812 4112	Ftdisk - ok
17:37:28.0859 4112	Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:37:28.0859 4112	Gpc - ok
17:37:28.0984 4112	gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:37:29.0000 4112	gupdate - ok
17:37:29.0000 4112	gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:37:29.0000 4112	gupdatem - ok
17:37:29.0046 4112	HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:37:29.0046 4112	HDAudBus - ok
17:37:29.0140 4112	helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:37:29.0140 4112	helpsvc - ok
17:37:29.0171 4112	HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
17:37:29.0171 4112	HidServ - ok
17:37:29.0203 4112	HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:37:29.0203 4112	HidUsb - ok
17:37:29.0250 4112	hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:37:29.0250 4112	hkmsvc - ok
17:37:29.0281 4112	hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:37:29.0281 4112	hpn - ok
17:37:29.0312 4112	HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:37:29.0312 4112	HPZid412 - ok
17:37:29.0343 4112	HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:37:29.0343 4112	HPZipr12 - ok
17:37:29.0375 4112	HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:37:29.0375 4112	HPZius12 - ok
17:37:29.0406 4112	HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
17:37:29.0406 4112	HSFHWBS2 - ok
17:37:29.0453 4112	HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
17:37:29.0468 4112	HSF_DP - ok
17:37:29.0515 4112	HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:37:29.0515 4112	HTTP - ok
17:37:29.0562 4112	HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:37:29.0578 4112	HTTPFilter - ok
17:37:29.0609 4112	i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:37:29.0625 4112	i2omgmt - ok
17:37:29.0640 4112	i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:37:29.0640 4112	i2omp - ok
17:37:29.0687 4112	i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:37:29.0687 4112	i8042prt - ok
17:37:29.0750 4112	iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\drivers\iaStor.sys
17:37:29.0750 4112	iaStor - ok
17:37:29.0875 4112	IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:37:29.0875 4112	IDriverT - ok
17:37:30.0031 4112	idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:37:30.0046 4112	idsvc - ok
17:37:30.0156 4112	IHA_MessageCenter (53c8ce55214b38fba65a3adfa44e1d90) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
17:37:30.0156 4112	IHA_MessageCenter - ok
17:37:30.0265 4112	Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:37:30.0265 4112	Imapi - ok
17:37:30.0328 4112	ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:37:30.0328 4112	ImapiService - ok
17:37:30.0375 4112	ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:37:30.0375 4112	ini910u - ok
17:37:30.0437 4112	Inspect (c9953067b2c9e3d3dd44ec22d1e0815a) C:\WINDOWS\system32\DRIVERS\inspect.sys
17:37:30.0437 4112	Inspect - ok
17:37:30.0640 4112	IntcAzAudAddService (4aaa8312732655f93a254d1fa695eb79) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:37:30.0687 4112	IntcAzAudAddService - ok
17:37:30.0765 4112	IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:37:30.0781 4112	IntelIde - ok
17:37:30.0796 4112	intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:37:30.0796 4112	intelppm - ok
17:37:30.0812 4112	Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:37:30.0828 4112	Ip6Fw - ok
17:37:30.0843 4112	IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:37:30.0843 4112	IpFilterDriver - ok
17:37:30.0859 4112	IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:37:30.0859 4112	IpInIp - ok
17:37:30.0875 4112	IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:37:30.0875 4112	IpNat - ok
17:37:30.0890 4112	IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:37:30.0890 4112	IPSec - ok
17:37:30.0906 4112	IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:37:30.0906 4112	IRENUM - ok
17:37:30.0921 4112	isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:37:30.0937 4112	isapnp - ok
17:37:31.0093 4112	JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
17:37:31.0093 4112	JavaQuickStarterService - ok
17:37:31.0140 4112	Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:37:31.0156 4112	Kbdclass - ok
17:37:31.0156 4112	kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:37:31.0156 4112	kbdhid - ok
17:37:31.0218 4112	kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:37:31.0218 4112	kmixer - ok
17:37:31.0265 4112	KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:37:31.0265 4112	KSecDD - ok
17:37:31.0312 4112	L8042Kbd (dc61f15187372d164769c841655e58f3) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
17:37:31.0312 4112	L8042Kbd - ok
17:37:31.0312 4112	L8042mou (cb6e007d3a67cb80ee9df2afd4b0fc9d) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
17:37:31.0328 4112	L8042mou - ok
17:37:31.0375 4112	lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:37:31.0390 4112	lanmanserver - ok
17:37:31.0437 4112	lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:37:31.0468 4112	lanmanworkstation - ok
17:37:31.0468 4112	lbrtfdc - ok
17:37:31.0500 4112	LHidFilt (dd83dc92463fce6324fd30a13d17d0da) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
17:37:31.0500 4112	LHidFilt - ok
17:37:31.0562 4112	LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:37:31.0578 4112	LmHosts - ok
17:37:31.0578 4112	LMouFilt (8fe0008e183ff0293a925b78a5581c5f) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
17:37:31.0578 4112	LMouFilt - ok
17:37:31.0593 4112	LMouKE (58597a99792461e89bb5c44e17508d70) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
17:37:31.0593 4112	LMouKE - ok
17:37:31.0640 4112	mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:37:31.0640 4112	mdmxsdk - ok
17:37:31.0656 4112	MEMSWEEP2 - ok
17:37:31.0687 4112	Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:37:31.0687 4112	Messenger - ok
17:37:31.0718 4112	mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:37:31.0734 4112	mnmdd - ok
17:37:31.0781 4112	mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:37:31.0781 4112	mnmsrvc - ok
17:37:31.0812 4112	Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:37:31.0812 4112	Modem - ok
17:37:31.0843 4112	MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
17:37:31.0843 4112	MODEMCSA - ok
17:37:31.0875 4112	Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:37:31.0875 4112	Mouclass - ok
17:37:31.0921 4112	mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:37:31.0937 4112	mouhid - ok
17:37:31.0968 4112	MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:37:31.0968 4112	MountMgr - ok
17:37:32.0015 4112	mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:37:32.0031 4112	mraid35x - ok
17:37:32.0140 4112	MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
17:37:32.0140 4112	MREMP50 - ok
17:37:32.0156 4112	MREMPR5 - ok
17:37:32.0156 4112	MRENDIS5 - ok
17:37:32.0171 4112	MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
17:37:32.0171 4112	MRESP50 - ok
17:37:32.0187 4112	MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:37:32.0187 4112	MRxDAV - ok
17:37:32.0234 4112	MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:37:32.0234 4112	MRxSmb - ok
17:37:32.0281 4112	MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:37:32.0296 4112	MSDTC - ok
17:37:32.0343 4112	Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:37:32.0343 4112	Msfs - ok
17:37:32.0343 4112	MSIServer - ok
17:37:32.0359 4112	MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:37:32.0359 4112	MSKSSRV - ok
17:37:32.0375 4112	MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:37:32.0375 4112	MSPCLOCK - ok
17:37:32.0375 4112	MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:37:32.0390 4112	MSPQM - ok
17:37:32.0421 4112	mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:37:32.0421 4112	mssmbios - ok
17:37:32.0468 4112	Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:37:32.0484 4112	Mup - ok
17:37:32.0515 4112	napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:37:32.0531 4112	napagent - ok
17:37:32.0562 4112	NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:37:32.0578 4112	NDIS - ok
17:37:32.0625 4112	NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:37:32.0625 4112	NdisTapi - ok
17:37:32.0671 4112	Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:37:32.0671 4112	Ndisuio - ok
17:37:32.0687 4112	NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:37:32.0687 4112	NdisWan - ok
17:37:32.0750 4112	NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:37:32.0750 4112	NDProxy - ok
17:37:32.0781 4112	NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:37:32.0781 4112	NetBIOS - ok
17:37:32.0828 4112	NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:37:32.0828 4112	NetBT - ok
17:37:32.0875 4112	NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:37:32.0875 4112	NetDDE - ok
17:37:32.0890 4112	NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:37:32.0890 4112	NetDDEdsdm - ok
17:37:32.0937 4112	Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:37:32.0937 4112	Netlogon - ok
17:37:33.0000 4112	Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:37:33.0031 4112	Netman - ok
17:37:33.0156 4112	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:37:33.0156 4112	NetTcpPortSharing - ok
17:37:33.0203 4112	Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:37:33.0218 4112	Nla - ok
17:37:33.0265 4112	Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:37:33.0281 4112	Npfs - ok
17:37:33.0296 4112	Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:37:33.0312 4112	Ntfs - ok
17:37:33.0312 4112	NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:37:33.0328 4112	NtLmSsp - ok
17:37:33.0375 4112	NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:37:33.0406 4112	NtmsSvc - ok
17:37:33.0437 4112	NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
17:37:33.0437 4112	NuidFltr - ok
17:37:33.0484 4112	Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:37:33.0484 4112	Null - ok
17:37:33.0593 4112	nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:37:33.0609 4112	nv - ok
17:37:33.0703 4112	NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:37:33.0703 4112	NwlnkFlt - ok
17:37:33.0703 4112	NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:37:33.0703 4112	NwlnkFwd - ok
17:37:33.0859 4112	odserv (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:37:33.0859 4112	odserv - ok
17:37:33.0890 4112	ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:37:33.0890 4112	ose - ok
17:37:33.0937 4112	Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:37:33.0937 4112	Parport - ok
17:37:33.0984 4112	PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:37:33.0984 4112	PartMgr - ok
17:37:34.0031 4112	ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:37:34.0031 4112	ParVdm - ok
17:37:34.0031 4112	PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:37:34.0046 4112	PCI - ok
17:37:34.0046 4112	PCIDump - ok
17:37:34.0078 4112	PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:37:34.0078 4112	PCIIde - ok
17:37:34.0093 4112	Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:37:34.0093 4112	Pcmcia - ok
17:37:34.0093 4112	PDCOMP - ok
17:37:34.0109 4112	PDFRAME - ok
17:37:34.0125 4112	PDRELI - ok
17:37:34.0125 4112	PDRFRAME - ok
17:37:34.0156 4112	perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:37:34.0171 4112	perc2 - ok
17:37:34.0203 4112	perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:37:34.0203 4112	perc2hib - ok
17:37:34.0281 4112	PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:37:34.0296 4112	PlugPlay - ok
17:37:34.0343 4112	Pml Driver HPZ12 (901c43516504cbe582e4c4193e00876a) C:\WINDOWS\system32\HPZipm12.exe
17:37:34.0343 4112	Pml Driver HPZ12 - ok
17:37:34.0390 4112	Point32 (2e3394c8ebf31a9b4f0a531eb5cc7bc7) C:\WINDOWS\system32\DRIVERS\point32.sys
17:37:34.0406 4112	Point32 - ok
17:37:34.0437 4112	PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:37:34.0437 4112	PolicyAgent - ok
17:37:34.0500 4112	PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:37:34.0500 4112	PptpMiniport - ok
17:37:34.0500 4112	ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:37:34.0515 4112	ProtectedStorage - ok
17:37:34.0515 4112	PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:37:34.0531 4112	PSched - ok
17:37:34.0546 4112	Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:37:34.0562 4112	Ptilink - ok
17:37:34.0625 4112	ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:37:34.0625 4112	ql1080 - ok
17:37:34.0656 4112	Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:37:34.0656 4112	Ql10wnt - ok
17:37:34.0671 4112	ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:37:34.0671 4112	ql12160 - ok
17:37:34.0671 4112	ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:37:34.0687 4112	ql1240 - ok
17:37:34.0687 4112	ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:37:34.0703 4112	ql1280 - ok
17:37:34.0718 4112	RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:37:34.0734 4112	RasAcd - ok
17:37:34.0765 4112	RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:37:34.0796 4112	RasAuto - ok
17:37:34.0843 4112	Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:37:34.0843 4112	Rasl2tp - ok
17:37:34.0890 4112	RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:37:34.0921 4112	RasMan - ok
17:37:34.0937 4112	RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:37:34.0937 4112	RasPppoe - ok
17:37:34.0953 4112	Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:37:34.0968 4112	Raspti - ok
17:37:34.0984 4112	Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:37:35.0000 4112	Rdbss - ok
17:37:35.0000 4112	RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:37:35.0015 4112	RDPCDD - ok
17:37:35.0062 4112	rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:37:35.0078 4112	rdpdr - ok
17:37:35.0125 4112	RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:37:35.0140 4112	RDPWD - ok
17:37:35.0171 4112	RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:37:35.0187 4112	RDSessMgr - ok
17:37:35.0218 4112	redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:37:35.0218 4112	redbook - ok
17:37:35.0265 4112	RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:37:35.0281 4112	RemoteAccess - ok
17:37:35.0312 4112	RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:37:35.0328 4112	RpcLocator - ok
17:37:35.0375 4112	RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:37:35.0390 4112	RpcSs - ok
17:37:35.0453 4112	RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:37:35.0453 4112	RSVP - ok
17:37:35.0515 4112	RTLE8023xp (f0a21c62b9b835e1c96268eaae31d239) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:37:35.0515 4112	RTLE8023xp - ok
17:37:35.0562 4112	SABKUTIL - ok
17:37:35.0578 4112	SABProcEnum - ok
17:37:35.0625 4112	SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:37:35.0625 4112	SamSs - ok
17:37:35.0656 4112	SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:37:35.0671 4112	SCardSvr - ok
17:37:35.0718 4112	Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:37:35.0765 4112	Schedule - ok
17:37:35.0828 4112	Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:37:35.0828 4112	Secdrv - ok
17:37:35.0875 4112	seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:37:35.0875 4112	seclogon - ok
17:37:35.0921 4112	SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:37:35.0937 4112	SENS - ok
17:37:35.0984 4112	serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:37:36.0000 4112	serenum - ok
17:37:36.0015 4112	Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:37:36.0015 4112	Serial - ok
17:37:36.0078 4112	Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:37:36.0078 4112	Sfloppy - ok
17:37:36.0140 4112	SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:37:36.0156 4112	SharedAccess - ok
17:37:36.0203 4112	ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:37:36.0218 4112	ShellHWDetection - ok
17:37:36.0218 4112	Simbad - ok
17:37:36.0281 4112	sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:37:36.0281 4112	sisagp - ok
17:37:36.0343 4112	Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:37:36.0343 4112	Sparrow - ok
17:37:36.0390 4112	splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:37:36.0406 4112	splitter - ok
17:37:36.0453 4112	Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:37:36.0468 4112	Spooler - ok
17:37:36.0515 4112	sprtsvc_verizondm - ok
17:37:36.0562 4112	sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:37:36.0562 4112	sr - ok
17:37:36.0625 4112	srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:37:36.0671 4112	srservice - ok
17:37:36.0718 4112	Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:37:36.0734 4112	Srv - ok
17:37:36.0750 4112	SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:37:36.0765 4112	SSDPSRV - ok
17:37:36.0812 4112	stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:37:36.0828 4112	stisvc - ok
17:37:36.0843 4112	stllssvr - ok
17:37:36.0890 4112	swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:37:36.0890 4112	swenum - ok
17:37:36.0906 4112	swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:37:36.0906 4112	swmidi - ok
17:37:36.0921 4112	SwPrv - ok
17:37:36.0968 4112	symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:37:36.0984 4112	symc810 - ok
17:37:37.0015 4112	symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:37:37.0015 4112	symc8xx - ok
17:37:37.0046 4112	sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:37:37.0062 4112	sym_hi - ok
17:37:39.0671 4112	============================================================
17:37:39.0671 4112	Scan finished
17:37:39.0671 4112	============================================================
17:37:39.0687 2828	Detected object count: 0
17:37:39.0687 2828	Actual detected object count: 0

Since it didn't find or fix anything, I didn't restart the computer, so as to avoid having to restart all the services. Again. If I should restart it anyway, please just let me know and I'll get to it.

Thank you VERY much for your efforts on my behalf; I am in your debt.

Joan


----------



## dvk01 (Dec 14, 2002)

All I am seeing in the gmer logs is avast & comodo clashing & causing the usual problems those 2 do when on the same computer
uninstall comodo, reboot & see if you still have problems


----------



## lisanti (Jul 11, 2003)

That seems to have done it! But I am very confused. I have had both programs running for several years, and they may have been duking it out behind the scenes, but I never ran into something like this loss of services. I know that you have done your part, and valiantly, too, wading through all those printouts, but do you have any ideas of what happened? And how do I prevent it from recurring, other than get a different firewall? (any recommendations for firewalls would be appreciated, as well).

Thank you, thank you, thank you. 


Joan


----------



## dvk01 (Dec 14, 2002)

it could have been a database update or a program update or even a windows update that caused it 
I suspect it was probably a windows update & comodo thought the files had been changed and as usual instead of warning you and allowing them to work, it just blocked them


----------



## lisanti (Jul 11, 2003)

One more oddity, which may be unrelated - the computer is taking several minutes to start up, hanging at the Windows XP screen with the bar with the little moving light. Should I just wait it out?


----------



## dvk01 (Dec 14, 2002)

now we have got rid of comodo let's see what this shows us as there might be a bit of malware there, even though the logs show clean so far

Delete any existing version of ComboFix you have sitting on your desktop
*Please read and follow all these instructions very carefully* *Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.*

Download ComboFix from *Here* or *Here* to your Desktop.
*As you download it rename it to username123.exe*

***Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer***
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


*Very Important!* *Temporarily disable* your *anti-virus* and *anti-malware* real-time protection and any *script blocking components of them or your firewall* *before* performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results" or stop combofix running at all_
Click on *THIS LINK* to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again after combofix has finished*
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running 
Double click on *renamed combofix.exe* & follow the prompts. If you are using windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you. 
Please post the *"C:\ComboFix.txt"* for further review

*****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze *****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

*Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.*

Please tell us if it has cured the problems or if there are any outstanding issues


----------



## lisanti (Jul 11, 2003)

OK, starting Combofix...


----------



## lisanti (Jul 11, 2003)

Here's the combofix log:

ComboFix 12-04-31.02 - Lisanti 04/30/2012 13:31:04.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2520 [GMT -4:00]
Running from: c:\documents and settings\Lisanti\Desktop\username123.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Lisanti\Application Data\Mozilla\Firefox\Profiles\mmf3mxwj.default\weave\toFetch
c:\documents and settings\Lisanti\Application Data\Mozilla\Firefox\Profiles\mmf3mxwj.default\weave\toFetch\bookmarks.json
c:\documents and settings\Lisanti\Application Data\Mozilla\Firefox\Profiles\mmf3mxwj.default\weave\toFetch\clients.json
c:\documents and settings\Lisanti\Application Data\Mozilla\Firefox\Profiles\mmf3mxwj.default\weave\toFetch\forms.json
c:\documents and settings\Lisanti\Application Data\Mozilla\Firefox\Profiles\mmf3mxwj.default\weave\toFetch\history.json
c:\documents and settings\Lisanti\Application Data\Mozilla\Firefox\Profiles\mmf3mxwj.default\weave\toFetch\passwords.json
c:\documents and settings\Lisanti\Application Data\Mozilla\Firefox\Profiles\mmf3mxwj.default\weave\toFetch\prefs.json
c:\documents and settings\Lisanti\Application Data\Mozilla\Firefox\Profiles\mmf3mxwj.default\weave\toFetch\tabs.json
c:\documents and settings\Lisanti\GoToAssistDownloadHelper.exe
c:\documents and settings\Lisanti\My Documents\~WRL0001.tmp
c:\windows\system32\SET167.tmp
c:\windows\system32\SET169.tmp
c:\windows\system32\SET177.tmp
c:\windows\system32\SET7B.tmp
c:\windows\system32\SET7F.tmp
c:\windows\system32\SET86.tmp
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
I:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 16:44 . 2012-04-30 16:45	--------	d-----w-	c:\documents and settings\Lisanti\Application Data\HpUpdate
2012-04-30 16:43 . 2012-04-30 16:43	--------	d-----w-	c:\windows\Hewlett-Packard
2012-04-30 14:02 . 2012-04-30 14:02	--------	d-----w-	c:\program files\SecurityXploded
2012-04-30 00:17 . 2012-04-30 00:18	--------	d-----w-	c:\program files\HitmanPro
2012-04-30 00:17 . 2012-04-30 00:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\HitmanPro
2012-04-29 21:50 . 2012-04-29 21:50	--------	d-----w-	c:\documents and settings\All Users\Application Data\Sophos
2012-04-29 21:50 . 2012-04-29 21:50	73728	----a-r-	c:\documents and settings\Lisanti\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-04-29 21:50 . 2012-04-29 21:50	73728	----a-r-	c:\documents and settings\Lisanti\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-04-29 21:50 . 2012-04-29 21:50	73728	----a-r-	c:\documents and settings\Lisanti\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-04-26 16:26 . 2012-04-26 16:26	--------	d-----w-	c:\documents and settings\All Users\Application Data\DailyMagic
2012-04-25 00:32 . 2012-04-25 00:32	--------	d-----w-	c:\documents and settings\Lisanti\Application Data\4 Friends Games
2012-04-24 22:20 . 2012-04-24 22:20	--------	d-----w-	c:\documents and settings\Lisanti\Application Data\Silverback Productions
2012-04-24 21:28 . 2012-04-24 21:28	--------	d-----w-	c:\documents and settings\All Users\Application Data\10tons
2012-04-24 21:19 . 2012-04-24 21:19	--------	d-----w-	c:\documents and settings\All Users\Application Data\Fugazo
2012-04-11 18:51 . 2012-04-29 23:33	--------	d-----w-	c:\documents and settings\Lisanti\Application Data\PlayFavoriteGames
2012-04-05 21:00 . 2012-04-05 21:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\Princess Isabella CE
2012-04-04 05:53 . 2012-04-04 05:53	182160	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53	182160	----a-w-	c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-04-03 20:53 . 2012-04-03 20:53	--------	d-----w-	c:\documents and settings\Lisanti\Local Settings\Application Data\Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2009-04-23 15:52	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-30 12:50 . 2012-03-30 12:50	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-03-30 12:50 . 2011-06-25 13:28	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 23:15 . 2010-07-04 13:37	41184	----a-w-	c:\windows\avastSS.scr
2012-03-06 23:15 . 2008-01-11 12:51	201352	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-05-25 22:56	612184	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2008-04-01 01:48	337880	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2008-01-11 12:51	35672	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2008-01-11 12:51	53848	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2008-01-11 12:51	95704	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2008-01-11 12:51	89048	----a-w-	c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2008-04-01 01:48	20696	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2008-01-11 12:51	24920	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2006-03-04 03:33	916992	----a-w-	c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 10:00	43520	------w-	c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 10:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 10:00	177664	----a-w-	c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 10:00	148480	----a-w-	c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 10:00	385024	------w-	c:\windows\system32\html.iec
2012-02-23 17:44 . 2008-01-31 03:57	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-02-23 17:44 . 2010-06-05 13:47	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-03 09:22 . 2004-08-04 10:00	1860096	----a-w-	c:\windows\system32\win32k.sys
2008-03-29 05:36 . 2008-03-29 05:36	499200	-c--a-w-	c:\program files\USB_Disk_Eject.exe
2007-09-08 16:43 . 2007-09-08 16:43	339456 -c--a-w-	c:\program files\MJsDiag.exe
2012-03-17 21:03 . 2011-07-11 20:12	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	123536	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"SansaDispatch"="c:\documents and settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-12-25 79872]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-02-17 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-7 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kyodai Mahjongg 2006\\kmj.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/25/2011 6:56 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/31/2008 9:48 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/31/2008 9:48 PM 20696]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [4/29/2012 8:18 PM 105288]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 8:50 AM 253600]
S3 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 98304]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\182.tmp --> c:\windows\system32\182.tmp [?]
S3 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 5:54 AM 206120]
S3 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 5:54 AM 185640]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2011 11:51 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2011 11:51 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:50]
.
2012-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-25 03:51]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-25 03:51]
.
2011-03-10 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-05 20:35]
.
.
------- Supplementary Scan -------
.
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab
FF - ProfilePath - c:\documents and settings\Lisanti\Application Data\Mozilla\Firefox\Profiles\mmf3mxwj.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61798
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-30 13:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\182.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-04-30 13:43:35
ComboFix-quarantined-files.txt 2012-04-30 17:43
.
Pre-Run: 180,331,880,448 bytes free
Post-Run: 181,008,007,168 bytes free
.
- - End Of File - - 4EF4ED6ABDAAF8FC534E1B8AD3A88E80


----------



## dvk01 (Dec 14, 2002)

That looks like combofix has deleted some files by mistake

I want to get copies of them so we can see why, then we can restore them ( if necessary ) after we have double checked them

can you please go to C:\qoobox & right click the quarantine folder, select send to compressed(zip) folders 
that will make a zipped copy of the quarantine folder
then 
please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files and submit to antivirus companies if needed

Just press new topic, fill in the needed details 
In the subject box please put: Files for DVK01

In the body of the post paste the contents of the code box: 

```
combofix Quarantine folder from 
http://forums.techguy.org/virus-other-malware-removal/1051275-all-services-not-started-computer.html#post8339517
```
& then press the browse button and then navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file


----------



## dvk01 (Dec 14, 2002)

can you also please go to C:\qoobox & find ComboFix-quarantined-files.txt
attach that here please 

At first glance the firefox extension that combofix has removed looks to be just empty files so wouldn't work anyway 
It looks like it isn't a supported extension in recent firefox versions and stopped being supported in about V4 so we will not bother to restore that 
I am just waiting to hear from the developer why cf removed the urttemp folder which appears to be part of net framework 2 and might be needed


----------



## lisanti (Jul 11, 2003)

Here is the quarantined.txt file:

2012-04-30 17:40:32 . 2007-11-09 02:12:28 90 ----a-w- C:\Qoobox\Quarantine\I\AUTORUN.INF.vir
2012-04-30 17:37:34 . 2012-04-30 17:37:34 7,491 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-04-30 17:22:54 . 2012-04-30 17:29:10 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-08-27 19:30:06 . 2011-08-27 19:30:06 2 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lisanti\Application Data\Mozilla\Firefox\Profiles\mmf3mxwj.default\weave\toFetch\tabs.json.vir
2011-08-27 19:30:06 . 2011-08-27 19:30:06 2 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lisanti\Application Data\Mozilla\Firefox\Profiles\mmf3mxwj.default\weave\toFetch\clients.json.vir
2011-07-11 21:51:51 . 2011-07-11 21:51:51 2 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lisanti\Application Data\Mozilla\Firefox\Profiles\mmf3mxwj.default\weave\toFetch\prefs.json.vir
2011-07-11 21:51:51 . 2011-07-11 21:51:51 2 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lisanti\Application Data\Mozilla\Firefox\Profiles\mmf3mxwj.default\weave\toFetch\passwords.json.vir
2011-07-11 21:51:51 . 2011-07-11 21:51:51 2 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lisanti\Application Data\Mozilla\Firefox\Profiles\mmf3mxwj.default\weave\toFetch\history.json.vir
2011-07-11 21:51:51 . 2011-07-11 21:51:51 2 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lisanti\Application Data\Mozilla\Firefox\Profiles\mmf3mxwj.default\weave\toFetch\forms.json.vir
2011-07-11 21:51:51 . 2011-07-11 21:51:51 2 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lisanti\Application Data\Mozilla\Firefox\Profiles\mmf3mxwj.default\weave\toFetch\bookmarks.json.vir
2010-11-01 21:53:22 . 2010-11-01 21:53:23 103,720 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lisanti\GoToAssistDownloadHelper.exe.vir
2010-02-23 22:42:06 . 2010-02-23 22:42:07 275,456 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lisanti\My Documents\~WRL0001.tmp.vir
2009-01-31 01:35:54 . 2009-01-31 01:35:54 133,632 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET177.tmp.vir
2009-01-31 01:34:02 . 2009-01-31 01:34:02 254,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET167.tmp.vir
2009-01-31 01:34:02 . 2009-01-31 01:34:02 166,912 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET169.tmp.vir
2006-10-19 02:47:22 . 2006-10-19 02:47:22 2,450,944 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET86.tmp.vir
2006-10-19 02:47:20 . 2006-10-19 02:47:20 937,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7F.tmp.vir
2006-10-19 02:47:18 . 2006-10-19 02:47:18 222,208 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7B.tmp.vir
2004-08-10 18:09:37 . 2004-08-10 18:09:38 0 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir
2004-08-10 18:09:37 . 2003-02-21 09:42:22 348,160 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir
2004-08-10 18:09:37 . 2003-02-21 00:09:18 77,824 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir
2004-08-10 18:09:37 . 2003-02-21 00:08:32 2,482,176 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir
2004-08-10 18:09:37 . 2003-02-21 00:06:20 282,624 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir
2004-08-10 18:09:37 . 2003-02-21 00:06:24 155,648 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir
2003-02-21 10:16:08 . 2003-02-21 10:16:08 49,152 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\regtlib.exe.vir



BTW, I got a BSOD (an unusual event for this computer) and it's still very slow in opening, and in closing, for that matter. This is going to be the cleanest computer on the planet by the time we're done with it.

Joan


----------



## dvk01 (Dec 14, 2002)

Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press *SAVE* and choose desktop in the list of selections in that window & press save)

*Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished*

Close any open browsers 
Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.










This will start ComboFix again and restore the file that was placed in quarantine. Post the contents of the combofix-dequarantine.txt in your next reply.

*Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum *


----------



## lisanti (Jul 11, 2003)

ok, here we go.


----------



## lisanti (Jul 11, 2003)

Here is the dequarantine txt file:
C:\Qoobox\Quarantine\C\Documents and Settings\Lisanti\GoToAssistDownloadHelper.exe.vir -> C:\Documents and Settings\Lisanti\GoToAssistDownloadHelper.exe ( 103720 bytes ) 
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir -> C:\WINDOWS\system32\URTTemp\fusion.dll ( 282624 bytes ) 
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir -> C:\WINDOWS\system32\URTTemp\mscoree.dll.local ( 0 bytes ) 
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir -> C:\WINDOWS\system32\URTTemp\mscoree.dll ( 155648 bytes ) 
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir -> C:\WINDOWS\system32\URTTemp\mscorsn.dll ( 77824 bytes ) 
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir -> C:\WINDOWS\system32\URTTemp\mscorwks.dll ( 2482176 bytes ) 
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir -> C:\WINDOWS\system32\URTTemp\msvcr71.dll ( 348160 bytes ) 
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\regtlib.exe.vir -> C:\WINDOWS\system32\URTTemp\regtlib.exe ( 49152 bytes ) 


After it finished, I was unable to connect to the internet at all, either Firefox or IE, so I ran the Network Connection wizard (I think that was what the title was), and the connection came back. I hope that doing that didn't mess everything up. Sorry.

Joan


----------



## dvk01 (Dec 14, 2002)

Are you having any problems now, or have they all cleared up?


----------



## lisanti (Jul 11, 2003)

The proper services are running, no more BSOD, and I'm connected to the internet. It is still quite slow at going off and coming on, and also when the desktop first comes up; I can't believe that it could still be malware, with all the scans that have gone on in the last couple of days, but I guess that anything is possible.

I started this post to ask for help in getting the services back, and you have done that, for which I am very grateful. I don't want to tie you up, working on this; if you have the time to recommend some steps to speed my computer back up, that would be great, and if you need to move on to another problem, I would remain grateful.

Joan


----------



## dvk01 (Dec 14, 2002)

Try doing a scan disk (error check) & then defrag.

See if that makes things better.


----------



## flavallee (May 12, 2002)

lisanti said:


> if you have the time to recommend some steps to speed my computer back up, that would be great


Joan:

When dvk01 is finished with you, I can work with you on getting some speed and "snappiness" back in that computer.

-----------------------------------------------------------


----------



## lisanti (Jul 11, 2003)

I'm still here! The chkdsk scan took about 5 1/2 hours (!!), so I'm off to defrag and then we'll see what's what. Nice to see you again flavallee!

Joan


----------



## dvk01 (Dec 14, 2002)

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click *START* then *RUN*
* Now type *Combofix /Uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */U*, it needs to be there.

This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

Go here *http://www.thespykiller.co.uk/index.php?page=3* for info on how to tighten your security settings and how to help prevent future attacks.

And scan here *http://secunia.com/vulnerability_scanning/online/* for out of date & vulnerable common applications on your computer and update whatever it suggests.

Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. *If Windows Update doesn't work, please come back & tell us.*

I will leave you with flavalee to finish off any steps to cut down on start ups & update any software needed


----------



## lisanti (Jul 11, 2003)

Thank you, dvk01, for your help with this; I can't think of an adjective big enough, but "invaluable" will do. I'll follow your last instructions soon.

Flavallee-

I think that I've found the slowness problem (part of it, anyway). I went to defrag, as DVK01 said, and found a complete mess. The computer is 30% fragmented, which it has never been, and Vopt couldn't even make a dent in it. I downloaded Defraggler from Piriform, which is giving me an estimated time of over 24 hours. Something is obviously totally screwed up. Should I let Defraggler keep running? Should I get rid of Combofix first and then try to defrag? I was dumbfounded when I saw the drive map in Vopt; for some reason unknown to me, it shows that most of the files are Restore files, which also makes no sense, as I thought that there was a cap on how much room restore points could take up, and 6 gig seems a bit extreme. Any and all advice will be appreciated.

Joan


----------



## flavallee (May 12, 2002)

lisanti said:


> Tech Support Guy System Info Utility version 1.0.0.2
> OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
> Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz, x86 Family 6 Model 15 Stepping 13
> Processor Count: 2
> ...


According to your computer's system information, the C: drive has a capacity of *229.46 GB*.

If the Recycle Bin and System Restore are still set at their default values of 10% and 12% respectively, they would be allocated *22.94 GB* and *27.53 GB* respectively of hard drive space.

There's no reason at all why they should be allocated so much hard drive space.

Right-click the Recycle Bin, then click Properties, then move the slider to 3%, then click Apply - OK.

Right-click My Computer, then click Properties - System Restore, then move the slider to 3%, then click Apply - OK.

After you're done, restart the computer.

---------------------------------------------------------

I've never used *Piriform Defraggler*, so I have no idea how well it works.

I've used *Auslogics Disk Defrag* on occasion, and it completes the task in a very short time.

---------------------------------------------------------


----------



## lisanti (Jul 11, 2003)

I have uninstalled Combofix, run Secunia, gone to Windows Update, and resized the Recycle Bin and System Restore. In an interesting turn of events, System Restore was turned off, and not by me. So I turned it back on and made the file smaller. I have rebooted as instructed.

The logging off is about back to normal; the turning on is still slow, but better than it was. While the computer is on, there is a sizeable lag between clicking on a program and the program starting, but the lag diminishes the longer the computer is on, and the longer the program is running. For example, when I started typing this post, I was well into the third word before any letters showed up, but now it's fine. Looking at Task Manager reveals lots of stuff that seems unnecessary, and I'm pretty sure that some of what's running in Services is automatic when it should be manual.

My next step?

Joan


----------



## flavallee (May 12, 2002)

Your HiJackThis log in post #8 does show a bloated startup load in your computer.

The majority of the startup entries in

Start - Run - MSCONFIG - OK - "Startup" tab

can be unchecked.

The majority of the service entries in

Start - Run - SERVICES.MSC - OK

can have their "startup type" set on Manual.

As soon as *dvk01* is finished with you, we can get to work trimming down that bloated startup load.

------------------------------------------------------------

I'm going off-line for several hours or for the rest of the day, so I'll check back with you later.

------------------------------------------------------------


----------



## lisanti (Jul 11, 2003)

OK Flavallee, thanks, and I'll look forward to hearing from you later (tomorrow).

Joan


----------



## dvk01 (Dec 14, 2002)

I am finished flavalee so carry on


----------



## flavallee (May 12, 2002)

dvk01 said:


> I am finished flavalee so carry on


Go to Start - Run - *MSCONFIG* - OK - "Startup" tab.

Write down only the names in the "Startup Item" column that have a checkmark next to them.

If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.

Submit those names here in a vertical list.

Make sure to spell them EXACTLY as you see them there.

-------------------------------------------------------

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste it here.

-------------------------------------------------------


----------



## lisanti (Jul 11, 2003)

Flavallee-

While waiting, I have nibbled away at the running services, and this is what they look like now:

Disabled:

Alerter
Clip Book
Error Reporting Services
Fax [I never use it]
Indexing Service
Messenger
NetMeeting Remote Desktop Sharing
Portable Media Serial Number Service
Stllssvr [left by old CD labeling software]
WMI Performance Adapter

Automatic:

Automatic Updates
Avast!
Computer Browser
Crypt Svc
DCOM Server Process Launcher
DHCP Client
DNS Client
Event Log
Help & Support
Install Driver Table Manager
IPSEC Services
Java Quick Starter
Net Logon
Net TCP Port Sharing Service
Network Connections
Plug & Play 
Routing and Remote Access
SAS Core Service [Super AntiSpyware]
Security Accounts Manager
Security center
Server
Shell Hardware Detection
SSDP Discovery Service
System Event Notification
System Restore Service
TCP/IP NetBIOS Helper
Universal Plug & Play Device Host
Windows Audio
Windows Driver Foundation
Windows Firewall/ICS
Windows Installer
Windows Management Instrumentation
Windows Time
Wired Autoconfig
Wireless Zero Config
Workstation

Everything else is set for manual. I know that at least some of what I have set to automatic can be set to manual, but I'm a bit leery of fooling around with these without your advice; same goes for the start up stuff.

I look forward to hearing from you tomorrow.

Joan


----------



## lisanti (Jul 11, 2003)

Yipes! As I was typing, you were posting. Give me a minute to follow your instructions...


----------



## lisanti (Jul 11, 2003)

From msconfig:

hpztsb12
RTHDCPL
SOUNDMAN
ALCWZRD
itype
ipoint
CLIStart
sprtcmd
McciTrayApp
HPWuSchd2
PVDDXSrv
issch
ISUSPM
APSDaemon
QTTask
Adobe ARM
jusched
Weather
RoboTaskBar Icon
SUPER AntiSpyware
SansaDispatch
Digital Line Detect
HP Digital Imaging


Off to HJT

Joan


----------



## lisanti (Jul 11, 2003)

HijackThis a/o 5/2/12:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:08:54 PM, on 5/2/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\bfgclient\bfggameservices.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DOWNLOADS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/network/install.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251605255921
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\sprtsvc.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\tgsrvc.exe

--
End of file - 10949 bytes


----------



## flavallee (May 12, 2002)

Do the following in the order that they're listed.

Take your time and don't get in a hurry.

---------------------------------------------------------

Go to Start - Run - SERVICES.MSC - OK.

Change the "startup type" to Manual for these service entries:

The *10* that you currently have set on Disabled.

*Computer Browser

Help And Support

InstallDriver Table Manager

IPSEC Services

Java Quick Starter

Net Logon

Net.Tcp Port Sharing Service

TCP/IP NetBIOS Helper

Windows Driver Foundation - User-mode Driver Framework

Windows Installer

Wired AutoConfig*

After you're done, close the services window.

---------------------------------------------------------

Go to Start - Run - MSCONFIG - OK - "Startup" tab.

Remove the checkmark in these startup entries:

*RTHDCPL

SOUNDMAN

ALCWZRD

CLIStart

HPWuSchd2

PVDDXSrv

issch

ISUSPM

QTTask

Adobe ARM

jusched

SUPERAntiSpyware

Digital Line Detect*

After you're done, click Apply - OK/Close - Restart.

---------------------------------------------------------

When the small "System Configuration Utility" window appears during restart, ignore its message about being in diagnostic/selective startup mode.

Do NOT change it back to normal startup mode!!!

Put a checkmark in the lower left of that window BEFORE you click OK to close it.

Wait for the computer to completely settle down from the restart.

Do NOT open any windows or start any programs.

---------------------------------------------------------

Go back to Start - Run - SERVICES.MSC - OK.

If any service currently set on Manual shows a status of "started", change it to Automatic.

If any service currently set on Automatic does NOT show a status of "started", change it to Manual.

After you're done, close the services window and then restart the computer again.

Wait for the computer to completely settle down from the restart.

Do NOT open any windows or start any programs.

---------------------------------------------------------

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste it here.

---------------------------------------------------------


----------



## lisanti (Jul 11, 2003)

Done as you directed; here's the HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:31:49 AM, on 5/3/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DOWNLOADS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Lisanti\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/network/install.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251605255921
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\sprtsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\tgsrvc.exe

--
End of file - 9382 bytes


----------



## flavallee (May 12, 2002)

If perchance

*NET Driver HPZ12*

*Pml Driver HPZ12*

are set on Automatic in the services list, you can change them to Manual.

-------------------------------------------------------

The new version of Firefox is starting to add

*Mozilla Maintenance Service*

to the list of installed programs and extras.

It's not needed, so you can get rid of it.

-------------------------------------------------------

I wasn't sure if you needed some of those other startup entries to auto-start and run all the time, so I didn't advise you to uncheck them.

How is the computer running now?

-------------------------------------------------------


----------



## lisanti (Jul 11, 2003)

There is no netdriver hpz12 in services but I changed the pml driver to manual.

The computer is still very, very slow in starting up, and once the desktop is there, very slow in opening programs. After a couple of minutes, it regains its usual speed.

Regarding the other stuff that is there at startup, I have a couple of questions/observations -

I have Verizon DSL and never use their support agent, as it's about useless. Can I then somehow remove Mccitray.exe? And IHA Message center?
I did, at one point, have Google Earth; is that Google Update a remnant of that, and, if so, can it be gotten rid of?
I can remove the Sansa Updater, as I never sync my MP3 player.
My daughter used Facebook on this computer for a week or two, and I guess the Facebook entries are from that time; as I don't have Facebook, can I get rid of them, and how?
If the APSDaemon entry is from iTunes, that can go too, as iTunes is long gone from here.
I don't use Passalong anymore, so that can go.
I never use Messenger.
I had SuperAdBlocker several years ago, but uninstalled it - how do I get rid of its entry?
Same question for stllssvr.

I really like RoboBar, but it seems to be proliferating; I will check the program and see what I can do to make it less of a big deal.

I don't need every program to try to update itself when I start the computer, especially the HP software, which is pernicious. Can I set everything except system and protection to manual updates?

I am going to go get rid of Sansa and Passalong; I'll check back in a bit.

Thank you for all your help and all your patience.
Joan


----------



## flavallee (May 12, 2002)

Let's see a new "uninstall_list.txt" log.

Start HiJackThis.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here. 

----------------------------------------------------------------


----------



## lisanti (Jul 11, 2003)

Here 'tis:

10 Talismans
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
9: The Dark Side Collector's Edition
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Amazon MP3 Downloader 1.0.15
Amulet of Time: Shadow of la Rochelle
Apple Application Support
Apple Software Update
ASAP Utilities
ATI AVIVO Codecs
ATI Display Driver
ATI Problem Report Wizard
Auslogics Disk Defrag
avast! Free Antivirus
Avery Wizard 3.1
Azkend
Azkend 2: The World Beneath
Big Fish Games: Game Manager
Catalyst Control Center - Branding
CCleaner
Classical CD Collection
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Critical Mass Deluxe
Cubis Gold 2
Dark Dimensions: City of Fog
Dark Dimensions: Wax Beauty Collector's Edition
Dark Parables: Curse of Briar Rose
Dark Parables: Rise of the Snow Queen
Dark Parables: The Exiled Prince
Dark Tales:  Edgar Allan Poe's The Black Cat
dBpoweramp CD Writer
dBpoweramp Music Converter
dBpoweramp Windows Media Audio 10 Codec
Defraggler
Diamond Mine 1.5sw
Digital Line Detect
Echoes of the Past: Royal House of Stone
Echoes of the Past: The Castle of Shadows
Echoes of the Past: The Citadels of Time
Electra
Elixir of Immortality
Empress of the Deep: The Darkest Secret
Enchanted Cavern
Enchanted Cavern 2
Enigmatis: The Ghosts of Maple Creek Collector's Edition
erLT
eZip Wizard
Fiction Fixers: The Curse of OZ
Finale NotePad 2008
GameHouse
GoodSync
Google Update Helper
Gravely Silent: House of Deadlock
Grim Facade: Mystery of Venice
GS-Base 7.1
GS-Calc 7.4
Guardians of Beyond: Witchville
Hallowed Legends: Templar Collector's Edition
Haunted Legends: The Bronze Horseman
Haunted Legends: The Queen of Spades Collector's Edition
Hello Venice
HitmanPro 3.6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP Product Assistant
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
IceBreaker
IHA_MessageCenter
Intel(R) PRO Network Connections Drivers
Internet Service Offers Launcher
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 31
Jewel Quest
Jewel Quest 3
Jewel Quest Heritage
Jewel Quest II
Jewel Quest: The Sapphire Dragon
Jewel Quest: The Sleepless Star
Kyodai Mahjongg 2006 v1.42
Living Legends: Ice Rose
Lost in Reefs
Macabre Mysteries: Curse of the Nightingale
Maestro: Music of Death
Maestro: Notes of Life
Magic Vines™
Malwarebytes Anti-Malware version 1.61.0.1400
MaxBlast 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Diagnostic Tool
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Thunderbird 12.0 (x86 en-US)
Mp3tag v2.47b
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Mystery of the Ancients: Lockwood Manor
Mystery Trackers: Black Isle Collector's Edition
Mystery Trackers: Raincliff Collector's Edition
Mystery Trackers: The Void Collector's Edition
NetWaiting
Paint.NET v3.5.8
PowerDVD
Pretty Good Solitaire version 12.0.0
Princess Isabella: A Witch's Curse
Princess Isabella: Return of the Curse
QBeez 2
QuickTime
Quilt-Pro Version 6
Realtek High Definition Audio Driver
RoboForm 7-7-0 (All Users)
SearchAssist
Secrets of the Dark: Eclipse Mountain Collector's Edition
Secrets of the Dark: Temple of Night Collector's Edition
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Shades of Death: Royal Blood
Shiver: Poltergeist Collector's Edition
Shiver: Vanishing Hitchhiker Collector's Edition
Sonic Activation Module
Sophos Virus Removal Tool
Spell Checker For OE 2.1
Super Glinx!
Super Nisqually
Super TextTwist
SUPERAntiSpyware
swMSM
The Agency of Anomalies: Cinderstone Orphanage
The Agency of Anomalies: Mystic Hospital
Time Mysteries: Inheritance
Time Mysteries: The Ancient Spectres
Timeless: The Forgotten Town
Treasure Seekers: Follow the Ghosts
Treasure Seekers: The Enchanted Canvases
Treasure Seekers: The Time Has Come
Treasure Seekers: Visions of Gold 
Trijinx
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2492386)
Verizon Download Manager
Verizon Help and Support Tool
Verizon Online DSL
Vopt 9
Vz In Home Agent
WeatherBug
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Witches' Legacy: The Charleston Curse Collector's Edition
Zenerchi

Yeah, I've got a lot of games on here, I'll admit.

Joan


----------



## flavallee (May 12, 2002)

These programs and extras can be uninstalled:

*Apple Application Support*

*Apple Software Update*

*CCleaner* (unless you REALLY know how to use it safely)

*Defraggler*

*Google Update Helper*

*HP Product Assistant*

*HP Update*

*IHA Message Center*

*J2SE Runtime Environment 5.0 Update 6*

*Microsoft Plus! Digital Media Edition Installer*

*Microsoft Plus! Photo Story 2 LE*

*QuickTime*

*SearchAssist*

*Sophos Virus Removal Tool*

*Verizon Download Manager*

*Verizon Help And Support Tool*

--------------------------------------------

*RoboForm* and the others you mentioned are your choice.

Stick with *Auslogics Disk Defrag* if you're going to use a third-party defrag utility.

--------------------------------------------

After you're all done and have restarted the computer, submit a new HiJackThis scan log.

Some of the things that you mentioned will need to be "fixed" in the log.

--------------------------------------------


----------



## lisanti (Jul 11, 2003)

I used the Add/Remove Programs in Control Panel, and there was no entry for Google Update Helper, or HP Product Assistant; HP's remaining entries are: Image Zone Express, Imaging Device Functions, PSC & Office Jet 5.3.B, Solution Center and Imaging Support.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:48 PM, on 5/3/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Lisanti\Desktop\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_31.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_31.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/network/install.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251605255921
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 8413 bytes

I'm off to bed; I'll check for your opinions in the morning. Thank you again.

Joan


----------



## flavallee (May 12, 2002)

Is a HP printer still connected to and in use with that computer?

------------------------------------------------------------

Let's do a little "housecleaning" of the HiJackThis log.

Start HiJackThis, then click "Do a system scan only".

When the scan is finished in about 30 - 60 seconds, put a checkmark in these log entries:

*O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_31.dll*

*O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_31.dll*

*O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe*

*O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe*

*O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab*

*O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/insta...rk/install.exe*

*O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab*

*O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab*

After you confirm that you selected the CORRECT log entries, click "Fix Checked - Yes".

Close HiJackThis, then restart the computer.

-----------------------------------------------------------


----------



## lisanti (Jul 11, 2003)

Yes, there is still a HP printer; it's an all-in-one inkjet. Off to do the Hijack this stuff.


----------



## lisanti (Jul 11, 2003)

Double-checked and done. It is still extremely slow to start, and for programs to start running after being clicked on. Here's this morning's log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:06:14 AM, on 5/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Lisanti\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251605255921
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 7307 bytes


----------
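Added example, not part of the original thread: a small Python check that the "Fix Checked" step removed exactly the selected entries, by diffing the 5/3 and 5/4 HijackThis logs, and that lists O23 services still flagged "Unknown owner" or "(file missing)". The log lines are excerpts from the logs posted above; the function names are this example's own, and O16 URLs are normalized because the forum shortened them in the list of entries to check.

```python
import re

# Entry lines look like "O9 - Extra button: ..."; headers and process paths do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
URL_RE = re.compile(r"https?://\S+")

def parse_entries(log_text):
    """Map a comparison key -> original line for every entry line in a log."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process path, blank line or footer
        section, rest = m.groups()
        # O16 download URLs get shortened when pasted into forum posts
        # ("controls/...oUploader5.cab"), so compare on CLSID and name only.
        if section == "O16":
            rest = URL_RE.sub("<url>", rest)
        entries[(section, rest)] = raw.strip()
    return entries

def verify_fix(before_log, after_log, selected_log):
    """Compare logs taken before and after a fix against the entries chosen for fixing."""
    before, after, selected = (parse_entries(t) for t in (before_log, after_log, selected_log))
    removed = before.keys() - after.keys()
    return {
        "still_present": sorted(after[k] for k in selected.keys() & after.keys()),
        "removed_unselected": sorted(before[k] for k in removed - selected.keys()),
        "selected_not_in_before": sorted(selected[k] for k in selected.keys() - before.keys()),
        "added": sorted(after[k] for k in after.keys() - before.keys()),
    }

def flag_services(log_text):
    """Return O23 service lines whose owner is unknown or whose file is missing."""
    return [line for (section, _), line in parse_entries(log_text).items()
            if section == "O23" and ("(file missing)" in line or "Unknown owner" in line)]

# Excerpts from the logs in this thread (not the full logs).
O9_FIXED = r"""
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_31.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_31.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""
O16_FULL = r"""
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/network/install.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
"""
O16_AS_POSTED = r"""
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/insta...rk/install.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
"""
KEPT = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251605255921
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
"""
BEFORE = O9_FIXED + O16_FULL + KEPT   # 5/3/2012 log, excerpt
AFTER = KEPT                          # 5/4/2012 log, excerpt
SELECTED = O9_FIXED + O16_AS_POSTED   # entries listed for "Fix Checked"

if __name__ == "__main__":
    for name, lines in verify_fix(BEFORE, AFTER, SELECTED).items():
        print(name, len(lines))
    for line in flag_services(AFTER):
        print("check service:", line)
```

All four lists come back empty when the fix removed exactly the selected entries; the orphaned `stllssvr` service is still reported by `flag_services`.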



## flavallee (May 12, 2002)

lisanti said:


> Yes, there is still a HP printer; it's an all-in-one inkjet. Off to do the Hijack this stuff.


Okay. I just wanted to make sure.

*HP Image Zone Express* was one of the extras that came in HP printers several years ago.

----------------------------------------------------------


----------



## lisanti (Jul 11, 2003)

Ignore that last one - I reconfigured RoboBar, and here's the Hijack This after that:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:11:29 AM, on 5/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Lisanti\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251605255921
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 5988 bytes


----------
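A small triage pass over the O23 service lines of a HijackThis log like the one posted above, as an added example that is not part of the original thread. It splits each line into display name, short name, owner and path, and lists services marked "(file missing)" or "Unknown owner"; the field layout is inferred from the log lines shown, and the function names are hypothetical.

```python
import re
from collections import namedtuple

# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
"""

Service = namedtuple("Service", "display short owner path file_missing")
ENTRY = re.compile(r"^O23 - Service: (.*)$")
SHORT = re.compile(r"^(.*) \(([^()]+)\)$")   # "Display name (shortname)"
MISSING = " (file missing)"

def parse_service(line):
    """Parse one 'O23 - Service:' line; return None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m.group(1)
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    # Owner and path are the last two " - " fields; a name may contain " - ".
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    s = SHORT.match(name)
    display, short = s.groups() if s else (name, name)
    return Service(display, short, owner, path, missing)

def triage(log):
    """Return (short name, reasons) for each service worth a manual look."""
    findings = []
    for svc in filter(None, map(parse_service, log.splitlines())):
        reasons = []
        if svc.file_missing:
            reasons.append("file missing")
        if svc.owner == "Unknown owner":
            reasons.append("unknown owner")
        if reasons:
            findings.append((svc.short, reasons))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A flagged entry is a prompt to check the service's registry key and binary by hand, not a verdict; leftover entries from uninstalled software produce the same markers.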



## lisanti (Jul 11, 2003)

flavallee said:


> Okay. I just wanted to make sure.
> 
> *HP Image Zone Express* was one of the extras that came in HP printers several years ago.
> 
> ----------------------------------------------------------


Well, the printer is several years old, so it figures.


----------



## flavallee (May 12, 2002)

Right-click MY COMPUTER, then click Properties.

What's listed in the *Computer:* section at the bottom of the "General" tab?

Make sure to submit it exactly as you see it there.

-----------------------------------------------------------

Right-click MY COMPUTER, then click Properties - Hardware - Device Manager.

Click the + in *IDE ATA/ATAPI Controllers* to expand its list of entries.

Double-click on *Primary IDE Channel* and *Secondary IDE Channel* to open their properties window.

Click the "Advanced Settings" tab.

Are all transfer mode settings on "DMA if available" or are any of them on "PIO only"?

-----------------------------------------------------------


----------



## flavallee (May 12, 2002)

lisanti said:


> Well, the printer is several years old, so it figures.


As long as the printer is working okay, age isn't an issue.

I'm still using an old HP Deskjet F340 All-In-One that was designed for Windows 98SE/ME/XP, and it still works fine for Windows Vista/7.

----------------------------------------------------------


----------



## lisanti (Jul 11, 2003)

The bottom right of the General tab has: Dell Inspiron 530S
Intel Pentium Dual CPU
E 2140 @ 1.60 gHz
1.60 gHz, 3.25 GB RAM
Physical Address Extension

The Device Manager under IDE/ATA/ATAPI controllers has three entries each of Primary and Secondary; the Primary are all "DMA if available" for both Device 0 and Device 1; one of the Secondary entries has "PIO only" for Device 0 and "DMA..." for Device 1 - the other Secondaries have DMA in both places.


----------



## flavallee (May 12, 2002)

Change the "PIO only" setting to "DMA if available", then click Apply - OK. 

Restart if prompted to.

Everything else looks good. 

The processor is running at its full rated speed. 

There's plenty of RAM. 

The hard drive is running in DMA mode.

------------------------------------------------------------


----------



## lisanti (Jul 11, 2003)

Flavallee - 

I think that the computer is as tuned up as it can be; perhaps whatever happened to start the problems left a legacy of a slow start-up, and if that's all it left, I am not complaining; I can wait a couple of extra minutes.

My deepest thanks to you, and to dvk01, for your hours of work on my problem, and thanks to TechGuy for having such great members. Thank you, thank you, thank you. I hope that you have a wonderful weekend - you deserve it.

Joan


----------



## flavallee (May 12, 2002)

I agree. It's probably time to put this thread to sleep and leave things as they are. 

You're welcome. 

----------------------------------------------------------


----------

