Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Can't remove Q-Word Search

Re: Can't remove Q-Word Search

Post by deltalima » December 20th, 2010, 4:53 pm

It looks like you ran OTL from a folder named hijack this on your desktop. Check for a file named extras.txt in that folder.

And let me know if you have the Q-Word Search problem in Internet Explorer or Firefox or in both.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Can't remove Q-Word Search

Post by sarasara » December 20th, 2010, 6:08 pm

Wow! That's a relief. Pasted below.

I have IE8 btw as my browser, though 'find all files' gives me a list which shows that Firefox is installed. Unsure how to locate 'Q-word' there as I don't seem to be using it. Perhaps you could advise?


OTL Extras logfile created on: 20/12/2010 16:01:04 - Run 2
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\User\Desktop\hijack this
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 244.14 Gb Total Space | 191.28 Gb Free Space | 78.35% Space Free | Partition Type: NTFS
Drive D: | 221.61 Gb Total Space | 194.95 Gb Free Space | 87.97% Space Free | Partition Type: NTFS
Drive G: | 699.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARIA-PC3000 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager -- File not found
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi -- File not found
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin -- File not found
"C:\Program Files\CAPCOM\Dark Void Demo\Launcher.exe" = C:\Program Files\CAPCOM\Dark Void Demo\Launcher.exe:*:Enabled:Dark Void Demo (DX10) -- (CAPCOM U.S.A., INC.)
"C:\Program Files\Steam\SteamApps\common\mafia ii - public demo\launcher.exe" = C:\Program Files\Steam\SteamApps\common\mafia ii - public demo\launcher.exe:*:Enabled:Mafia II - Demo -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1681FE1F-CF02-4B73-A780-C23C247876F7}" = Dark Void Demo
"{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}" = Serif PagePlus SE 1.0
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{3B78608F-D09A-11DF-A54E-0013D3D69929}" = Vegas Pro 10.0
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{59d5cdab-7438-45f3-8947-5d33edab4e29}" = Nero 9
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{71F8C486-8A13-468E-8B73-06051075556A}" = Female Voice Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{807F5AD8-3EAE-AABF-AA0E-79FE8833AD98}" = muvee Pixie
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E7FC0EEE-C961-4D8D-BBCF-431F73507707}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A29B450E-D884-4367-868D-6BF18F9B2FDF}" = NextUp-ScanSoft Moira Irish Voice
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB0888EE-96D8-4713-84DC-36462C33AEB4}" = Bazooka Scanner
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.0.5
"AT&T Natural Voice Audrey_is1" = AT&T Natural Voices Audrey v. 1.4
"AV Voice Changer Software 7.0" = AV Voice Changer Software 7.0
"AV Voice Changer Software DIAMOND 4.0" = AV Voice Changer Software DIAMOND 4.0
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"CCleaner" = CCleaner
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.8.0c
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Download Manager" = Download Manager 2.3.10
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader" = Foxit Reader
"ie8" = Windows Internet Explorer 8
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Lexmark 640 Series" = Lexmark 640 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 12.0" = RealPlayer
"Steam App 50280" = Mafia II - Demo
"TextAloud MP3_is1" = TextAloud
"Ubersoldier 2_is1" = Ubersoldier 2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word8.0" = Microsoft Word 97
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-527237240-1614895754-1801674531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/10/2010 08:30:18 | Computer Name = MARIA-PC3000 | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 02/11/2010 09:11:54 | Computer Name = MARIA-PC3000 | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 03/11/2010 09:45:03 | Computer Name = MARIA-PC3000 | Source = Bonjour Service | ID = 100
Description = 248: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 04/11/2010 12:34:39 | Computer Name = MARIA-PC3000 | Source = Bonjour Service | ID = 100
Description = 248: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 06/11/2010 09:01:15 | Computer Name = MARIA-PC3000 | Source = Bonjour Service | ID = 100
Description = 248: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/11/2010 07:59:13 | Computer Name = MARIA-PC3000 | Source = Bonjour Service | ID = 100
Description = 208: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 13/11/2010 09:31:55 | Computer Name = MARIA-PC3000 | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 02/12/2010 07:40:04 | Computer Name = MARIA-PC3000 | Source = Registry Helper Service | ID = 109
Description =

Error - 06/12/2010 09:19:22 | Computer Name = MARIA-PC3000 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/12/2010 14:04:13 | Computer Name = MARIA-PC3000 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 12/12/2010 04:31:16 | Computer Name = MARIA-PC3000 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00146CF19711 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 13/12/2010 05:51:30 | Computer Name = MARIA-PC3000 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00146CF19711 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 14/12/2010 06:50:58 | Computer Name = MARIA-PC3000 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00146CF19711 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 15/12/2010 05:57:15 | Computer Name = MARIA-PC3000 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00146CF19711 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 16/12/2010 02:05:37 | Computer Name = MARIA-PC3000 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00146CF19711 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 17/12/2010 06:12:20 | Computer Name = MARIA-PC3000 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00146CF19711 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 18/12/2010 00:59:56 | Computer Name = MARIA-PC3000 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00146CF19711 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 19/12/2010 06:27:49 | Computer Name = MARIA-PC3000 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00146CF19711 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 19/12/2010 20:14:40 | Computer Name = MARIA-PC3000 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00146CF19711 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 20/12/2010 06:26:16 | Computer Name = MARIA-PC3000 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00146CF19711 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Can't remove Q-Word Search

Post by deltalima » December 20th, 2010, 6:28 pm

Hi sarasara,

Please ensure that you download the following to the desktop and not a subfolder.

Run Combofix

Temporarily disable any antispyware, antivirus and/or antimalware real-time protection as they may interfere with the running of ComboFix.

Download ComboFix from here to your Desktop.

For more information about Combofix please see here.

Close all programs.

Double click combofix.exe and follow the prompts.

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If not, follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Once installed, you should see the following message:

The recovery console was successfuly installed.
Click ‘YES’ to continue scanning for malware
Click ‘NO’ for exit

Click the YES button.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your “drive access” light. If it is flashing, Combofix is still at work.

When finished ComboFix will produce a log file. Please post the contents of this log in your next reply.

Re: Can't remove Q-Word Search

Post by sarasara » December 20th, 2010, 6:33 pm

Will do tomorrow deltalima if that's ok, thanks. Sara. :)

Re: Can't remove Q-Word Search

Post by deltalima » December 20th, 2010, 6:35 pm

Yes that's fine!

Re: Can't remove Q-Word Search

Post by sarasara » December 21st, 2010, 4:44 pm

Hi Deltalima,
Just got in and ran the program and this is the log. Q-Word still showing in the Google search bar. Thanks,
sara :)

ComboFix 10-12-21.01 - User 21/12/2010 19:34:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2476 [GMT 0:00]
Running from: c:\documents and settings\User\Desktop\hijack this\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\EurekaLog
c:\documents and settings\User\Application Data\EurekaLog\EurekaLog.ini
c:\windows\system32\msconfig.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))
.

2010-12-18 22:46 . 2010-12-18 22:46 -------- d-----w- c:\program files\Strategy First
2010-12-18 22:38 . 2010-12-18 22:38 -------- d-----w- c:\program files\iPod
2010-12-18 22:38 . 2010-12-18 22:39 -------- d-----w- c:\program files\iTunes
2010-12-11 22:28 . 2010-12-11 22:28 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-11 22:28 . 2010-12-11 22:28 -------- d-----w- c:\program files\Trend Micro
2010-12-11 20:17 . 2010-12-11 20:17 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-12-11 20:17 . 2010-12-11 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-11 20:17 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-11 20:17 . 2010-12-11 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-11 20:17 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-11 18:48 . 2010-12-03 09:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-11 18:34 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-11 18:34 . 2010-12-11 18:34 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-11 18:04 . 2010-12-11 18:04 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sunbelt Software
2010-12-11 18:00 . 2010-12-11 18:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-11 16:32 . 2010-12-11 16:32 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-11 16:31 . 2010-12-11 16:31 -------- d-----w- c:\program files\ProtectDisc Driver Installer
2010-12-11 16:31 . 2010-12-11 16:31 -------- d-----w- c:\program files\CAPCOM
2010-12-06 13:18 . 2010-12-11 16:31 -------- dc----w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-12-06 13:17 . 2010-12-06 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-12-06 13:17 . 2010-12-06 13:17 -------- d-----w- c:\program files\Lavasoft
2010-12-02 11:39 . 2010-12-11 16:31 -------- d-----w- c:\program files\ffdshow
2010-12-02 11:36 . 2010-12-02 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2010-12-02 11:35 . 2010-12-02 11:35 -------- d-----w- c:\program files\W3i
2010-12-02 11:35 . 2010-12-02 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i
2010-12-02 11:33 . 2010-12-02 11:33 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-27 23:03 . 2010-11-27 23:03 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2010-11-27 23:03 . 2010-11-27 23:03 -------- d-----w- c:\program files\Common Files\xing shared
2010-11-27 23:01 . 2010-11-27 23:01 151776 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2010-11-27 23:01 . 2010-11-27 23:01 100352 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2010-11-27 21:35 . 2010-11-27 21:35 -------- d-----w- c:\program files\Common Files\eSellerate
2010-11-27 21:35 . 2010-12-11 21:59 -------- d-----w- c:\program files\2C09381C82B740BFAB17C805414BE85D
2010-11-25 21:19 . 2010-12-21 19:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2010-04-13 15:59 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 18:53 . 2010-09-27 12:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 16:34 . 2010-09-27 12:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 00:26 . 2008-04-14 05:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:26 . 2008-04-14 05:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2008-04-14 05:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-03 12:25 . 2008-04-14 00:07 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 00:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-04-14 05:39 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2008-04-14 01:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-29 18:06 . 2010-09-29 18:03 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
.

------- Sigcheck -------


[-] 2010-04-13 . F49C5C12A14F20A45F61977CF384B7FC . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-11-27 274608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-18 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-18 51984]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CAPCOM\\Dark Void Demo\\Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mafia ii - public demo\\launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/12/2010 18:34 64288]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 15:11 35328]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 16:43 11352]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24/02/2010 10:22 185472]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [20/09/2010 15:28 6852]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13:42 32856]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [13/04/2010 16:10 272128]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [02/11/2005 09:54 11596]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [17/09/2010 20:35 17792]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/12/2010 09:05 1389400]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [03/12/2010 09:05 15264]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [01/07/2010 13:21 34896]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 15:06 11520]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HELPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-12-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:05]

2010-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-12-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-527237240-1614895754-1801674531-1001.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]

2010-12-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-1614895754-1801674531-1001.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]

2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{3866EC9F-E3F4-48A5-8B98-F29D52B3E338}.job
- c:\windows\system32\msfeedssync.exe [2010-04-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Lookup on Merriam Webster
IE: Lookup on Wikipedia
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\uh1w18zb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: TextAloud Firefox Plugin: {99a0337c-6303-4879-b72e-500fd9aaca8c} - c:\program files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\DAP\DAPFireFox
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-21 19:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync03.sys atapi.sys pciide.sys
c:\windows\system32\drivers\sfsync03.sys Protection Technology StarForce Protection System
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A9FAAB8]
3 CLASSPNP[0xB8118FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000074[0x8AA66F18]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-e[0x8AA07D98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user != kernel MBR !!!

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-527237240-1614895754-1801674531-1001\Software\SecuROM\License information*]
"datasecu"=hex:71,a0,57,93,41,a1,fe,63,e0,69,39,bc,73,80,dd,a6,63,30,ee,45,ec,
61,6a,65,e7,3f,97,cc,89,b6,75,fa,de,ba,95,8d,7f,05,f8,c2,72,13,72,1d,1c,08,\
"rkeysecu"=hex:fc,4a,2d,4e,01,56,f9,5d,b9,be,51,e6,ac,7b,9b,c4

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3428)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-21 19:43:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-21 19:43

Pre-Run: 204,955,435,008 bytes free
Post-Run: 205,011,288,064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

- - End Of File - - 1AAD39D25385C4437FD111B62463C4CE
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Cant remove Q-Word Search

by deltalima » December 21st, 2010, 5:32 pm

Hi sarasara,

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will show a black screen with some information.
  • If an unknown bootcode is found, you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found, just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in your next reply.

Re: Cant remove Q-Word Search

by sarasara » December 21st, 2010, 7:13 pm

Thanks Deltalima,
Again bit late and if ok I'll do it tomorrow. Most grateful for your kind assistance btw :)
sara.

Re: Cant remove Q-Word Search

by deltalima » December 21st, 2010, 7:21 pm

OK, please post whenever convenient.

Re: Cant remove Q-Word Search

by sarasara » December 22nd, 2010, 8:10 am

Hi Deltalima,

System Change. Due to increased level of political hacking in the UK and the failure of Kaspersky program to inform me if it has a firewall I have installed Comodo firewall and Comodo GeekBuddy. Grateful if you could advise if this step is worthwhile?
Thanks,
sara :)

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fd

Kernel Drivers (total 141):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB80B8000 ohci1394.sys
0xB80C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80D8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7F23000 dmio.sys
0xB8330000 PartMgr.sys
0xB80E8000 sfsync03.sys
0xB80F8000 VolSnap.sys
0xB7F0B000 atapi.sys
0xB8108000 disk.sys
0xB8118000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7EEB000 fltMgr.sys
0xB7ED9000 sr.sys
0xB8128000 Lbd.sys
0xB7EC2000 KSecDD.sys
0xB7E35000 Ntfs.sys
0xB7E20000 inspect.sys
0xB7DF3000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xB8338000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xB78D1000 kl1.sys
0xB78BE000 sfvfs02.sys
0xB8340000 sfhlp02.sys
0xB78AC000 sfdrv01.sys
0xB7892000 Mup.sys
0xB82C8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB61FE000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB61EA000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB83B0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB82D8000 \SystemRoot\system32\DRIVERS\serial.sys
0xB6D21000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB61D6000 \SystemRoot\system32\DRIVERS\parport.sys
0xB82E8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB83B8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB83C0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB61B2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB83C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB82F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8308000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8318000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB618F000 \SystemRoot\system32\DRIVERS\ks.sys
0xB83D0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB6111000 \SystemRoot\system32\drivers\ctaud2k.sys
0xB60ED000 \SystemRoot\system32\drivers\portcls.sys
0xB8158000 \SystemRoot\system32\drivers\drmk.sys
0xB60B9000 \SystemRoot\system32\drivers\ctoss2k.sys
0xB83D8000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xB6CAB000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB83E0000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB6C9B000 \SystemRoot\system32\DRIVERS\klim5.sys
0xB83E8000 \SystemRoot\system32\DRIVERS\vcsvad.sys
0xB86F3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB6C8B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB6D0D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB60A2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB6C7B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB6C6B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB6091000 \SystemRoot\system32\DRIVERS\psched.sys
0xB6C5B000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB83F0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB83F8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB6061000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB6C4B000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8400000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85F2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6003000 \SystemRoot\system32\DRIVERS\update.sys
0xB6CFD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB5FF2000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xB5FBF000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB6C3B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8408000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xAFADE000 \SystemRoot\system32\drivers\ha20x2k.sys
0xAFAAF000 \SystemRoot\system32\drivers\emupia2k.sys
0xAFA86000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xAF9EA000 \SystemRoot\system32\drivers\ctac32k.sys
0xB8198000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85F8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xAF96C000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xAF8ED000 \SystemRoot\system32\DRIVERS\klif.sys
0xB85FC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB8726000 \SystemRoot\System32\Drivers\Null.SYS
0xB85FE000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8418000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8420000 \SystemRoot\System32\drivers\vga.sys
0xB8600000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8428000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8430000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB85A4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB8438000 \SystemRoot\system32\DRIVERS\kl2.sys
0xAF88A000 \SystemRoot\system32\DRIVERS\wg111v2.sys
0xAF7AF000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAF756000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAF730000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB8448000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xAF708000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAF6E6000 \SystemRoot\System32\drivers\afd.sys
0xB81D8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAF6BB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAF623000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB81E8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB81F8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB8208000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB8460000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB8468000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB5F77000 \SystemRoot\system32\drivers\copperhd.sys
0xB5F73000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8268000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB5F6F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB8588000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xAF87A000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAEF67000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB8662000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAF6A3000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8498000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB86E4000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB8458000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAEC63000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAE74A000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAE6E5000 \SystemRoot\system32\drivers\wdmaud.sys
0xAE807000 \SystemRoot\system32\drivers\sysaudio.sys
0xB8640000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xAE5A3000 \??\C:\WINDOWS\system32\drivers\acedrv11.sys
0xAD76D000 \SystemRoot\system32\DRIVERS\srv.sys
0xB85B6000 \??\C:\WINDOWS\system32\Drivers\Vcs.sys
0xACF81000 \SystemRoot\System32\Drivers\HTTP.sys
0xAB68F000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 48):
0 System Idle Process
4 System
1368 C:\WINDOWS\system32\smss.exe
1436 csrss.exe
1460 C:\WINDOWS\system32\winlogon.exe
1504 C:\WINDOWS\system32\services.exe
1516 C:\WINDOWS\system32\lsass.exe
1692 C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
1704 C:\WINDOWS\system32\nvsvc32.exe
1784 C:\WINDOWS\system32\svchost.exe
1832 svchost.exe
2028 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
184 C:\WINDOWS\system32\svchost.exe
324 svchost.exe
700 svchost.exe
996 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1088 C:\WINDOWS\explorer.exe
1180 C:\WINDOWS\system32\LEXBCES.EXE
1216 C:\WINDOWS\system32\LEXPPS.EXE
1228 C:\WINDOWS\system32\spoolsv.exe
1336 C:\WINDOWS\system32\CtHelper.exe
1344 C:\WINDOWS\system32\Ctxfihlp.exe
1364 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1564 svchost.exe
1656 C:\WINDOWS\system32\rundll32.exe
1660 C:\Program Files\Real\RealPlayer\Update\realsched.exe
1776 C:\Program Files\iTunes\iTunesHelper.exe
1892 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
1916 C:\WINDOWS\system32\CTxfispi.exe
236 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
284 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
736 C:\WINDOWS\system32\ctfmon.exe
888 C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
476 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
1028 C:\Program Files\Bonjour\mDNSResponder.exe
1324 C:\Program Files\Java\jre6\bin\jqs.exe
2376 C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
2408 C:\Program Files\Microsoft Office\Office\OSA.EXE
2536 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
1560 unsecapp.exe
2144 wmiprvse.exe
2356 C:\Program Files\iPod\bin\iPodService.exe
3272 alg.exe
2384 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
428 C:\Program Files\Internet Explorer\iexplore.exe
1052 C:\Program Files\Internet Explorer\iexplore.exe
3604 C:\Program Files\Internet Explorer\iexplore.exe
692 C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\B5YMN00U\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003d`093bfc00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AACS-00G8B1, Rev: 05.04C05

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Re: Cant remove Q-Word Search

by deltalima » December 22nd, 2010, 8:34 am

Hi sarasara,

I have installed Comodo firewall and Comodo GeekBuddy


OK, but please do not make any other changes unless I ask you to; it makes the logs harder to follow.

You still have Kaspersky installed; you need to uninstall it, as you cannot use two real-time antivirus programs at the same time.

Please remove Kaspersky, then reboot the computer.

Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file called checkup.txt will open automatically.
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.

Now run a new scan with GMER and post the log in your next reply.

Re: Cant remove Q-Word Search

by sarasara » December 22nd, 2010, 11:55 am

Apologies, uninstalled Kaspersky, rebooted and now run GMER. Looks like a very long file, hope I got it in order. Thanks. :)

Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 23
Adobe Flash Player 10.1.85.3
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````
Last edited by sarasara on December 22nd, 2010, 1:47 pm, edited 1 time in total.

Re: Cant remove Q-Word Search

by sarasara » December 22nd, 2010, 1:36 pm

GMER 1.0.15.15530 - httpwww.gmer.net
Rootkit scan 2010-12-22 162509
Windows 5.1.2600 Service Pack 3 Harddisk0DR0 - DeviceIdeIdeDeviceP2T0L0-e WDC_WD5000AACS-00G8B1 rev.05.04C05
Running 3v3gorix[1].exe; Driver CDOCUME~1UserLOCALS~1Tempkwdorfog.sys


---- System - GMER 1.0.15 ----

SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwAdjustPrivilegesToken [0xAFE9F7B6]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwConnectPort [0xAFE9ED66]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwCreateFile [0xAFE9F41C]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwCreateKey [0xAFEA002A]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwCreatePort [0xAFE9EC42]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwCreateSection [0xAFEA20E8]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwCreateSymbolicLinkObject [0xAFEA246E]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwCreateThread [0xAFE9E62E]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwDeleteKey [0xAFE9F9A2]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwDeleteValueKey [0xAFE9FBA2]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwDuplicateObject [0xAFE9E434]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwEnumerateKey [0xAFEA0768]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwEnumerateValueKey [0xAFEA09BE]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwLoadDriver [0xAFEA1AF8]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwMakeTemporaryObject [0xAFE9EFFE]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwOpenFile [0xAFE9F5F8]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwOpenKey [0xAFEA001A]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwOpenProcess [0xAFE9E062]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwOpenSection [0xAFE9F2A2]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwOpenThread [0xAFE9E266]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwQueryKey [0xAFEA0BCC]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwQueryMultipleValueKey [0xAFEA1020]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwQueryValueKey [0xAFEA0DDE]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwRenameKey [0xAFEA0580]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwRequestWaitReplyPort [0xAFEA1590]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwSecureConnectPort [0xAFEA1844]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwSetSecurityObject [0xAFE9FDF2]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwSetSystemInformation [0xAFEA1DF0]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwSetValueKey [0xAFEA02F8]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwShutdownSystem [0xAFE9EF98]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwSystemDebugControl [0xAFE9F18E]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwTerminateProcess [0xAFE9EA44]
SSDT SystemRootSystem32DRIVERScmdguard.sys (COMODO Internet Security Sandbox DriverCOMODO) ZwTerminateThread [0xAFE9E832]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 4 Bytes CALL B5002F6D
.text ntkrnlpa.exe!ZwCallbackReturn + 2CB4 80504550 8 Bytes JMP E9E62EAF
.text ntkrnlpa.exe!ZwCallbackReturn + 2E64 80504700 8 Bytes JMP EA1020AF
.text ntkrnlpa.exe!ZwCallbackReturn + 2FE8 80504884 8 Bytes JMP E832AFE9
.sfrelocÿÿÿÿsfsync03unknown last section [0xB80F5000, 0xA20, 0x40000040] CWINDOWSsystem32driverssfsync03.sys unknown last section [0xB80F5000, 0xA20, 0x40000040]
.text CWINDOWSsystem32DRIVERSnv4_mini.sys section is writeable [0xB66FF3A0, 0x59FFE5, 0xE8000020]
.vmp2 CWINDOWSsystem32driversacedrv11.sys entry point in .vmp2 section [0xAB51969D]
.text ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00
.text ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20
.text ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0
.text ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80
.text ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60
.text ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20
.text ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490
.text ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0
.text ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0
.text ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440
.text ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60
.text ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80
.text ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40
.text ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0
.text ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630
.text ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40
.text ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40

---- User code sections - GMER 1.0.15 ----

.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSsystem32svchost.exe[284] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Cant remove Q-Word Search

Unread postby sarasara » December 22nd, 2010, 1:36 pm

.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 1002DD80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 1002DAA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesRealRealPlayerupdaterealsched.exe[592] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesiTunesiTunesHelper.exe[604] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
FilesCommon FilesMicrosoft
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Cant remove Q-Word Search

Unread postby sarasara » December 22nd, 2010, 1:37 pm

.text CProgram FilesJavajre6binjqs.exe[676] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesJavajre6binjqs.exe[676] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesJavajre6binjqs.exe[676] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesJavajre6binjqs.exe[676] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 1002DD80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesJavajre6binjqs.exe[676] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 1002DAA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesJavajre6binjqs.exe[676] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesJavajre6binjqs.exe[676] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesJavajre6binjqs.exe[676] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 1002DD80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 1002DAA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesMicrosoft OfficeOfficeFINDFAST.EXE[700] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 1002DD80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 1002DAA0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 1002C980 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CProgram FilesCOMODOCOMODO GeekBuddyCLPS.exe[712] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 1002C960 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSSYSTEM32CTXFISPI.EXE[744] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSSYSTEM32CTXFISPI.EXE[744] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSSYSTEM32CTXFISPI.EXE[744] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSSYSTEM32CTXFISPI.EXE[744] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSSYSTEM32CTXFISPI.EXE[744] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSSYSTEM32CTXFISPI.EXE[744] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text CWINDOWSSYSTEM32CTXFISPI.EXE[744] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 CWINDOWSsystem32guard32.dll (COMODO Internet SecurityCOMODO)
.text
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm