Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Infection affecting MBAM & SpywareBlaster update, IE & Avast

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby Cypher » November 8th, 2011, 12:46 pm

Hi mandy99,
I need to discuss this problem with my collogues.
Sorry for the delay but i will get back to you as soon as possible.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby mandy99 » November 8th, 2011, 10:54 pm

Thanks Cypher!

Please let me know if I can provide any more information.

Mandy99
mandy99
Regular Member
 
Posts: 17
Joined: November 1st, 2011, 10:28 pm

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby Cypher » November 9th, 2011, 6:36 am

Hi mandy99,
Again sorry for the delay.
I need you try running GrantPerms again but this time in Safe mode.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • When you get the option to choose the user account to log in, you should choose "administrator"
.

Once in Safe mode run GrantPerms as you did previously.

Logs/Information to Post in your Next Reply

  • Perms.txt.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby mandy99 » November 9th, 2011, 1:04 pm

Hi Cypher,

I'm happy to report that this time, GrantPerms ran with a different outcome. The log is posted below. While I was in Safe Mode, after I ran GrantPerms, I tried opening IE, and it worked. I then rebooted normally and tried opening IE again. Unfortunately, I got the same error message I've been getting:

Image

I also noted that while in Safe Mode, in the Start Menu, the appropriate icon is shown for IE. In normal mode, while the correct icon is shown for IE on the desktop, in the start menu, the icon for an unknown application is shown for IE and for IE with no addons:

Image

--------------------------------------------
Perms.txt
--------------------------------------------
GrantPerms by Farbar
Ran by Lynette at 2011-11-09 11:42:59

===============================================
\\?\c:\\Program Files\Internet Explorer\iexplore.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)
mandy99
Regular Member
 
Posts: 17
Joined: November 1st, 2011, 10:28 pm

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby mandy99 » November 9th, 2011, 1:05 pm

*edited: Duplicate post - sorry about that *
mandy99
Regular Member
 
Posts: 17
Joined: November 1st, 2011, 10:28 pm

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby Cypher » November 9th, 2011, 2:10 pm

Hi mandy99,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *iexplore.exe*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby mandy99 » November 9th, 2011, 5:10 pm

Hi Cypher, the log is posted below:
-----------------------------------------------------
SystemLook.txt
-----------------------------------------------------
SystemLook 30.07.11 by jpshortstuff
Log created at 16:06 on 09/11/2011 by Lynette
Administrator - Elevation successful

========== filefind ==========

Searching for "*iexplore.exe*"
C:\Documents and Settings\Lynette\Recent\iexplore.exe.exp.log.lnk --a---- 785 bytes [22:38 11/10/2011] [22:38 11/10/2011] C96DB2B26C5D82E2C753958FB7227200
C:\Program Files\Internet Explorer\iexplore.exe --a---- 638816 bytes [03:50 20/12/2007] [18:09 08/03/2009] (Unable to calculate MD5)
C:\Program Files\Internet Explorer\iexplore.exe.exp.log --a---- 6728 bytes [21:37 04/07/2009] [20:33 10/10/2011] FB02BF8A7CADEE72B75673B68A18C632
C:\Program Files\Internet Explorer\iexplore.exe.mui ------- 12288 bytes [18:21 08/03/2009] [18:21 08/03/2009] 943030B55FDB56FB8B8FCC086071E119
C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui --a---- 12288 bytes [23:43 13/08/2007] [18:21 08/03/2009] 943030B55FDB56FB8B8FCC086071E119
C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe --a---- 625664 bytes [02:31 21/12/2007] [08:16 10/10/2007] 632BDE0179847234433CA50945442ACB
C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe --a---- 625664 bytes [08:34 06/12/2007] [08:34 06/12/2007] 809D17D8FA0FDAEE07778CD821CAFFDE
C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe --a---- 625664 bytes [04:03 10/04/2008] [09:40 22/02/2008] 6E0888626E0CAC79F57149814E22DB4D
C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe --a---- 635848 bytes [05:56 23/08/2008] [05:56 23/08/2008] E8305C30D35E85D6657ED3E9934CB302
C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe --a---- 633632 bytes [11:08 10/12/2008] [06:34 15/10/2008] 056C927CF7207857E8B34F7A8FFD9B9E
C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe --a---- 634024 bytes [13:21 11/02/2009] [05:25 19/12/2008] 15E8A89499741D5CF59A9CF6463A4339
C:\WINDOWS\ie7\iexplore.exe --a--c- 93184 bytes [02:28 21/12/2007] [12:00 04/08/2004] E7484514C0464642BE7B4DC2689354C8
C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe --a--c- 622080 bytes [02:32 21/12/2007] [23:43 13/08/2007] DE49B348A18369B4626FBA1D49B07FB4
C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe --a--c- 625152 bytes [08:56 14/02/2008] [10:59 10/10/2007] E854D02E4231F704D9BE782A424E6D8B
C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe --a--c- 625664 bytes [12:10 10/04/2008] [11:01 06/12/2007] 2703D940A62B731AA220529DD7331A78
C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe --a--c- 625664 bytes [12:14 11/11/2008] [08:55 29/02/2008] 2D0E5592AB5A46C27DAF7CCAFF4F5B59
C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe --a--c- 635848 bytes [08:04 11/12/2008] [05:56 23/08/2008] 1F03216084447F990AE797317D0A6E70
C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe --a--c- 633632 bytes [11:58 12/02/2009] [07:06 15/10/2008] 9D3DB9ADFABD2F0BC778EC03250A3ABB
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf --a---- 127584 bytes [17:52 31/03/2009] [14:43 11/10/2011] 1EA041F75A604EB78ABBCAC227970261
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe ------- 93184 bytes [00:12 14/04/2008] [00:12 14/04/2008] 55794B97A7FAABD2910873C85274F409
C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\iexplore.exe --a---- 625152 bytes [02:25 21/12/2007] [10:59 10/10/2007] E854D02E4231F704D9BE782A424E6D8B
C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\iexplore.exe --a---- 625664 bytes [02:25 21/12/2007] [08:16 10/10/2007] 632BDE0179847234433CA50945442ACB
C:\WINDOWS\system32\dllcache\iexplore.exe --a--c- 638816 bytes [03:50 20/12/2007] [18:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E

-= EOF =-
mandy99
Regular Member
 
Posts: 17
Joined: November 1st, 2011, 10:28 pm

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby Cypher » November 10th, 2011, 7:13 am

Hi mandy99,

Ok run the below scan for me please.

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
    See image below, Click the image to enlarge it
    Image
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby mandy99 » November 10th, 2011, 3:59 pm

Hi Cypher, the log is posted below:
----------------------------------------------------
Gmer.txt
----------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-10 14:56:18
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e FUJITSU_MHW2040AT rev.0000000B
Running: v6n4nvyd.exe; Driver: C:\DOCUME~1\Lynette\LOCALS~1\Temp\axpdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF0C198B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xF0C18E48]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xF0C19518]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xF0C1A126]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xF0C18D28]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xF0C1C1E0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF0C1C568]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xF0C18714]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xF0C19A9E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xF0C19C9E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xF0C1851A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xF0C1A864]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xF0C1AABA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xF0C1BBF0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xF0C19110]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xF0C196F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xF0C1A116]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xF0C18148]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xF0C193B4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xF0C1834C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xF0C1ACC8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xF0C1B11C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xF0C1AEDA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xF0C1A67C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xF0C1B68C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xF0C1B940]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xF0C19EEE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xF0C1BEE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xF0C1A3F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xF0C1907A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xF0C192A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xF0C18B2A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xF0C18918]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 395 804E2A01 3 Bytes [B9, C1, F0]
.text ntoskrnl.exe!_abnormal_termination + 40C 804E2A78 4 Bytes [E8, BE, C1, F0]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\alg.exe[556] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[556] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[556] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[556] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[556] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[556] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[556] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[712] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[712] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[712] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[712] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[712] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[712] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[824] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[824] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[824] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[824] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[824] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[824] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[824] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[824] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[824] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[828] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[828] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[828] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[828] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[828] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[828] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10028AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 10028860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[904] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[916] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[916] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[916] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1068] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1068] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1068] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1068] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1068] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1068] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1068] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1084] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1084] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1112] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1112] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1112] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1112] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\BCMSMMSG.exe[1148] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\BCMSMMSG.exe[1148] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\BCMSMMSG.exe[1148] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\BCMSMMSG.exe[1148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\BCMSMMSG.exe[1148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\BCMSMMSG.exe[1148] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\BCMSMMSG.exe[1148] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\BCMSMMSG.exe[1148] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\BCMSMMSG.exe[1148] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\BCMSMMSG.exe[1148] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1176] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1176] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1176] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005190B0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00531040 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1244] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1244] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1244] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1244] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1244] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1316] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1316] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1316] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1316] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1316] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1316] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1384] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1384] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1384] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1516] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1516] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1516] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1688] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1688] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1688] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1688] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1688] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1688] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1688] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1784] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1784] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1784] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1784] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1784] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1864] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1864] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1864] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1900] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1900] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1900] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1900] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1900] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1900] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2100] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2100] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2100] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2100] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2100] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2100] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2536] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2536] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2536] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2536] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2536] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2536] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2536] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lynette\Desktop\v6n4nvyd.exe[3860] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lynette\Desktop\v6n4nvyd.exe[3860] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lynette\Desktop\v6n4nvyd.exe[3860] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lynette\Desktop\v6n4nvyd.exe[3860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lynette\Desktop\v6n4nvyd.exe[3860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lynette\Desktop\v6n4nvyd.exe[3860] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lynette\Desktop\v6n4nvyd.exe[3860] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lynette\Desktop\v6n4nvyd.exe[3860] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lynette\Desktop\v6n4nvyd.exe[3860] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Lynette\Desktop\v6n4nvyd.exe[3860] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.15 ----
mandy99
Regular Member
 
Posts: 17
Joined: November 1st, 2011, 10:28 pm

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby Cypher » November 11th, 2011, 7:27 am

Hi mandy99,

  • Please download TFC and save it to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.
  • NOTE: Save your work.TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby mandy99 » November 11th, 2011, 4:19 pm

Hi Cypher,

TFC ran as expected, and after numerous drops of my wireless connection, I was able to run ESET. The log is posted below:
--------------------------------------------------
log.txt
--------------------------------------------------
ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c3a35cb890062d4aa878c23979dade74
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-11 07:20:55
# local_time=2011-11-11 02:20:55 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 16777214 0 2 2668914 2668914 0 0
# compatibility_mode=3073 16777213 80 75 1811418 11513991 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=34902
# found=0
# cleaned=0
# scan_time=3951
mandy99
Regular Member
 
Posts: 17
Joined: November 1st, 2011, 10:28 pm

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby Cypher » November 12th, 2011, 7:23 am

Hi mandy99,
Ok continue with the instructions below.

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad, Do not include the word "Quote".
sc stop NDISRD
sc config NDISRD start= disabled

Save it as "All Files" and name it FixServices.bat Please save it on your desktop.

Exit Notepad and Double click FixServices.bat. A window will open and close. This is normal.

Now reboot your computer

Next.

Please delete the copy of Combofix that is on your Dektop, and download a fresh copy from Here
Now Disable your Anti-virus and run ComboFix again as you did previously, post the resulting ComboFix.txt in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby mandy99 » November 12th, 2011, 1:55 pm

Hi Cypher,

I ran FixServices.bat, rebooted, deleted then downloaded ComboFix, and finally ran ComboFix. The log is posted below:
-----------------------------------------------------------
ComboFix.exe
-----------------------------------------------------------
ComboFix 11-11-12.04 - Lynette 11/12/2011 12:34:40.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.123 [GMT -5:00]
Running from: c:\documents and settings\Lynette\Desktop\ComboFix.exe
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-11 17:53 . 2011-11-11 17:53 -------- d-----w- c:\program files\ESET
2011-11-05 23:14 . 2011-11-05 23:14 -------- d-----w- c:\documents and settings\Lynette\Application Data\Malwarebytes
2011-11-05 23:13 . 2011-11-05 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-05 23:13 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 23:13 . 2011-11-05 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-05 14:03 . 2010-09-07 19:39 150392 ----a-w- c:\windows\junction.exe
2011-10-11 15:52 . 2011-10-11 15:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-29 06:53 . 2011-10-11 02:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-03_20.59.16 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2011-10-11 21:40 40394 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2011-11-07 21:34 40394 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2011-11-07 21:34 312172 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2011-10-11 21:40 312172 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-26 185896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 335872]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... 547d9d9afd" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/30/2011 8:38 AM 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/30/2011 8:38 AM 29400]
S3 DM9USB;ST268 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [12/19/2007 11:22 PM 26190]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NDISRD
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Lynette\Application Data\Mozilla\Firefox\Profiles\ynt30tpd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://malwareremoval.com/forum/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-12 12:43
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(916)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(1224)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-11-12 12:47:54
ComboFix-quarantined-files.txt 2011-11-12 17:47
ComboFix2.txt 2011-11-04 22:51
ComboFix3.txt 2011-11-03 21:04
.
Pre-Run: 32,458,665,984 bytes free
Post-Run: 32,448,962,560 bytes free
.
- - End Of File - - E7FEEFFF7E55B765A2B1F3B18841B972
mandy99
Regular Member
 
Posts: 17
Joined: November 1st, 2011, 10:28 pm

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby Cypher » November 12th, 2011, 2:06 pm

Hi mandy99,
Are you still having problems with Internet Explorer?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Infection affecting MBAM & SpywareBlaster update, IE & A

Unread postby mandy99 » November 13th, 2011, 10:20 am

Hi Cypher,

I checked Internet Explorer, and everything seems to be working! Yay!

Thanks so much for all your help, I couldn't have done it without you! Please let me know if I need to run anything else.
Mandy
mandy99
Regular Member
 
Posts: 17
Joined: November 1st, 2011, 10:28 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 69 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware