
Malware infection



Hi,

Recently, I have been infected with adware as well as a trojan.

I have tried to remove the malware personally, but there are still certain symptoms remaining. Malwarebytes, for example, keeps generating a lot of alerts regarding outbound connections to malicious websites.

Could you please tell me if my machine is infected, and if so, how severe is this infection?

Thanks in advance.

-The required logs are posted below:-

DDS log

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by Jeff at 23:54:27 on 2011-08-16

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2039.801 [GMT -4:00]

.

AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\NetLimiter 3\nlsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\NetLimiter 3\NLClientApp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [NetLimiter] c:\program files\netlimiter 3\NLClientApp.exe /tray

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRunOnce: [NoIE4StubProcessing] c:\windows\system32\reg.exe delete "hklm\software\microsoft\active setup\Installed Components" /v "NoIE4StubProcessing" /f

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{13A8665C-13A9-47DB-8F3D-A37F39BEA362} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{13A8665C-13A9-47DB-8F3D-A37F39BEA362}\C696E6B6379737 : DhcpNameServer = 10.0.0.1

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\ann0c5cg.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - plugin: c:\windows\system32\npOGPPlugin.dll

FF - plugin: c:\windows\system32\wat\npWatWeb.dll

.

============= SERVICES / DRIVERS ===============

.

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-1-6 19088]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 238960]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 37592]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

.

=============== Created Last 30 ================

.

2011-08-16 21:45:11 -------- d-----w- c:\users\jeff\appdata\local\{BE6C1C2B-F053-453A-A4D8-2F06FB649C07}

2011-08-16 21:44:59 -------- d-----w- c:\users\jeff\appdata\local\{DE3F44F4-3565-41A0-971A-993ED1940D09}

2011-08-16 13:40:43 -------- d-----w- c:\users\jeff\appdata\local\{26D03C2E-E4B6-4C4B-ACF2-F4BFAFBE29E6}

2011-08-16 13:39:55 -------- d-----w- c:\users\jeff\appdata\local\{E26B86E2-FAA8-448F-8037-C985B4D9B836}

2011-08-16 00:55:07 -------- d-----w- c:\users\jeff\appdata\local\{AC25232F-61A9-4F00-8402-DF50B66FEC69}

2011-08-16 00:54:45 -------- d-----w- c:\users\jeff\appdata\local\{043005AD-86D1-4F22-AF02-6AFC13491022}

2011-08-15 23:30:53 -------- d-----w- c:\users\jeff\appdata\local\{C0692871-7DC1-449E-88D1-1A5D94AE6ECD}

2011-08-15 23:30:37 -------- d-----w- c:\users\jeff\appdata\local\{CC61C077-FE97-47D3-85FC-8B9E5296C125}

2011-08-15 23:21:00 -------- d-sh--w- C:\$RECYCLE.BIN

2011-08-15 23:04:08 -------- d-----w- c:\users\jeff\appdata\local\{9F196C3C-665C-44B0-B1F7-3ED88BEAB750}

2011-08-15 23:03:53 -------- d-----w- c:\users\jeff\appdata\local\{3AAB2031-8EAC-420F-8DDA-FC105FCC7602}

2011-08-15 22:45:46 -------- d-----w- c:\users\jeff\appdata\local\temp

2011-08-15 22:29:05 98816 ----a-w- c:\windows\sed.exe

2011-08-15 22:29:05 518144 ----a-w- c:\windows\SWREG.exe

2011-08-15 22:29:05 256000 ----a-w- c:\windows\PEV.exe

2011-08-15 22:29:05 208896 ----a-w- c:\windows\MBR.exe

2011-08-15 22:03:57 388096 ----a-r- c:\users\jeff\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-08-15 22:03:57 -------- d-----w- c:\program files\Trend Micro

2011-08-15 18:29:58 -------- d-----w- c:\users\jeff\appdata\roaming\WinPatrol

2011-08-15 18:29:44 -------- d-----w- c:\program files\BillP Studios

2011-08-15 18:24:46 -------- d-----w- c:\users\jeff\appdata\local\{87FD7853-F62F-43FC-8B75-7A6CD4FBF703}

2011-08-15 18:24:18 -------- d-----w- c:\users\jeff\appdata\local\{BC23525B-D3C7-4250-96F0-EDE88D4D60BB}

2011-08-15 14:11:30 -------- d-----w- c:\users\jeff\appdata\local\{6C2B4CE8-0294-4554-956A-D61BEF5121FA}

2011-08-15 14:11:16 -------- d-----w- c:\users\jeff\appdata\local\{8C7BEF02-9420-4BEE-8666-BF0B37E3EB92}

2011-08-15 04:05:52 -------- d-----w- c:\users\jeff\appdata\local\{0FF88B1F-EE54-42CA-B7E0-CD69BE6CC502}

2011-08-15 04:02:36 -------- d-----w- c:\users\jeff\appdata\local\{DC12DB89-AB06-42F7-A973-73D925F16E3C}

2011-08-14 21:21:15 -------- d-----w- c:\users\jeff\appdata\local\{C37B4AE6-0305-44CA-8C23-6F65E467AFB7}

2011-08-14 13:01:52 -------- d-----w- c:\users\jeff\appdata\local\{ECE268D0-8AAB-446E-92D5-0FDFC3046465}

2011-08-14 13:01:35 -------- d-----w- c:\users\jeff\appdata\local\{D269DDBB-C52F-489E-9547-02C58A5BCDBA}

2011-08-13 20:06:55 -------- d-----w- c:\users\jeff\appdata\local\{1DD6824E-753F-423F-947C-0A4DB741760E}

2011-08-13 20:06:32 -------- d-----w- c:\users\jeff\appdata\local\{37032D26-DEE6-4AF8-8E75-F686691D9CF9}

2011-08-13 15:51:15 -------- d-----w- c:\users\jeff\appdata\local\{657EF95E-7529-4C9F-AAC4-6EF5DCD83C09}

2011-08-13 15:50:57 -------- d-----w- c:\users\jeff\appdata\local\{DF98BBDC-F461-4888-BD59-FEF2BC354AE3}

2011-08-12 20:19:02 -------- d-----w- c:\users\jeff\appdata\local\{927A204B-D3A1-46A7-A565-79E61A6D9F1C}

2011-08-12 20:18:41 -------- d-----w- c:\users\jeff\appdata\local\{7E63C30A-7089-4CD1-A8BF-68BBEB16680B}

2011-08-12 16:21:27 -------- d-----w- c:\users\jeff\appdata\local\{E24F6F68-3C9A-4559-92FC-A3C2AF7D676D}

2011-08-12 00:32:56 -------- d-----w- c:\users\jeff\appdata\local\{73C89FB7-BF0D-4BAB-80BD-FBA33C9DB3AD}

2011-08-12 00:32:32 -------- d-----w- c:\users\jeff\appdata\local\{97D0A97B-D4FC-4DF7-96FD-555C45DC1098}

2011-08-11 19:17:33 -------- d-----w- c:\users\jeff\appdata\local\{2959C78A-5E21-4CE4-B554-DCC95B3A0C32}

2011-08-11 19:17:11 -------- d-----w- c:\users\jeff\appdata\local\{BE8C54BA-B58D-464B-A8AD-E53AA1F16817}

2011-08-11 15:19:59 -------- d-----w- c:\users\jeff\appdata\local\{F46CAC64-CBED-4F3C-8A6F-24A9DE242222}

2011-08-11 15:18:14 -------- d-----w- c:\users\jeff\appdata\local\{F36F07C5-4ADF-4D6E-85A5-D8237277F0D2}

2011-08-10 22:47:24 -------- d-----w- c:\users\jeff\appdata\local\{15CE63BE-00E2-400B-8E15-F24341E9D5F5}

2011-08-10 21:51:47 -------- d-----w- c:\users\jeff\appdata\local\{21C71961-77B2-4521-A66C-4B11CC1A8479}

2011-08-10 21:51:26 -------- d-----w- c:\users\jeff\appdata\local\{E425A11C-E19B-429D-A721-67A6ABF5952B}

2011-08-10 19:05:17 -------- d-----w- c:\users\jeff\appdata\local\{4F5836DE-2553-4586-867C-B8EAC045BDA6}

2011-08-10 19:04:53 -------- d-----w- c:\users\jeff\appdata\local\{B112822B-DB71-4882-BEE2-B6F081C77131}

2011-08-10 14:59:17 -------- d-----w- c:\users\jeff\appdata\local\{440FCFEB-70F4-42C5-8782-C10016967ECF}

2011-08-10 14:58:33 -------- d-----w- c:\users\jeff\appdata\local\{BE49CA57-9501-4D1D-9873-88247794A9BB}

2011-08-09 19:13:13 -------- d-----w- c:\users\jeff\appdata\local\{9609BAB9-6253-455C-920C-4D9AD3F5C04A}

2011-08-09 19:12:41 -------- d-----w- c:\users\jeff\appdata\local\{95E838F0-8C82-467F-9EFE-0BB9D55F0792}

2011-08-09 14:19:20 -------- d-----w- c:\users\jeff\appdata\local\{5852E7B4-27D9-4A1B-B67E-6DC56D2DB6DB}

2011-08-09 14:18:41 -------- d-----w- c:\users\jeff\appdata\local\{C1DF09D2-7F01-4A24-B3E1-CB867007559E}

2011-08-08 18:54:52 -------- d-----w- c:\users\jeff\appdata\local\{3D146B0F-7E6E-4BEE-A85D-3B884572EFA1}

2011-08-08 18:54:40 -------- d-----w- c:\users\jeff\appdata\local\{BFF8AB36-2793-4195-BF78-9E9A3BED2E01}

2011-08-08 16:53:20 -------- d-----w- c:\users\jeff\appdata\local\{F56E1569-ECD1-4A97-A171-5637E565FEF0}

2011-08-08 16:52:57 -------- d-----w- c:\users\jeff\appdata\local\{846DBF69-A710-415C-9B03-292267EC4439}

2011-08-08 11:58:11 -------- d-----w- c:\users\jeff\appdata\local\{A8B83924-93DC-4E41-8615-1A27683DF433}

2011-08-08 11:57:56 -------- d-----w- c:\users\jeff\appdata\local\{E2A4064A-A890-4F9E-9461-28025FC73F6D}

2011-08-07 19:14:05 -------- d-----w- c:\users\jeff\appdata\local\{170EA38F-00C4-4036-B582-A49C224C4F68}

2011-08-07 19:13:51 -------- d-----w- c:\users\jeff\appdata\local\{480040F2-7C52-41EF-8A73-0304DC5784C0}

2011-08-07 15:54:27 -------- d-----w- c:\users\jeff\appdata\local\{010AA087-14A1-4CFC-B59F-9F46E04E9371}

2011-08-07 15:53:50 -------- d-----w- c:\users\jeff\appdata\local\{5B0782B1-BD61-498F-81C0-77E5BE9112C0}

2011-08-06 20:49:25 -------- d-----w- c:\users\jeff\appdata\local\{95ACC9E2-3AE7-471C-A6A7-B9754B92AA40}

2011-08-06 20:47:47 -------- d-----w- c:\users\jeff\appdata\local\{AD16F23E-C630-4B9B-9932-2ECC45E50464}

2011-08-06 15:04:34 -------- d-----w- c:\users\jeff\appdata\local\{C9A517A6-4E79-44F7-BC82-B2CD62FD3103}

2011-08-06 15:03:27 -------- d-----w- c:\users\jeff\appdata\local\{457262C0-F1EF-4F1B-8424-A3768AD6EDB6}

2011-08-05 23:42:15 -------- d-----w- c:\users\jeff\appdata\local\{4E25A175-AFA4-4B02-9F27-C2B0815BE686}

2011-08-05 23:41:59 -------- d-----w- c:\users\jeff\appdata\local\{AD0FD14B-231D-47A5-9EDD-CA465A43F3FF}

2011-08-05 18:52:41 -------- d-----w- c:\users\jeff\appdata\local\{1D999DCD-A30B-41ED-8712-1D0DA87AF4F1}

2011-08-05 18:52:02 -------- d-----w- c:\users\jeff\appdata\local\{D2CF8223-6304-42BB-B716-A9912989D4DD}

2011-08-05 16:16:06 -------- d-----w- c:\users\jeff\appdata\local\{3A1D1557-2CB0-4E6F-A1D2-9A3B15F6627E}

2011-08-05 16:14:51 -------- d-----w- c:\users\jeff\appdata\local\{A884E5DF-EA19-4337-A36F-75059C69A98E}

2011-08-04 19:06:32 -------- d-----w- c:\users\jeff\appdata\local\{203A9D0B-80B6-4AE7-ABDB-D02BBAE7294A}

2011-08-04 19:05:55 -------- d-----w- c:\users\jeff\appdata\local\{D5F7C74E-E071-4A38-A42C-4CBDE5E42A9E}

2011-08-04 15:09:45 -------- d-----w- c:\users\jeff\appdata\local\{CEDE6ED5-5E80-4FDF-9D9A-07996DDFA8ED}

2011-08-04 15:08:00 -------- d-----w- c:\users\jeff\appdata\local\{4C559978-706C-413C-ABBE-EBD9FBB5DC3D}

2011-08-03 19:04:40 -------- d-----w- c:\users\jeff\appdata\local\{ACBBC842-488E-47B4-A23A-C97B6962ABF5}

2011-08-03 19:04:03 -------- d-----w- c:\users\jeff\appdata\local\{BF67F9B6-AB6A-44A1-991F-79C9348552A1}

2011-08-03 17:13:45 -------- d-----w- c:\users\jeff\appdata\local\{63761A52-01FB-4D41-81AB-641C7F00BC95}

2011-08-03 17:13:31 -------- d-----w- c:\users\jeff\appdata\local\{F2B3A0A9-4C8E-453C-A46F-752F4DDDBA1E}

2011-08-03 14:41:55 -------- d-----w- c:\users\jeff\appdata\local\{A32F458F-98CA-4039-B697-4B95A3BCA847}

2011-08-03 14:41:34 -------- d-----w- c:\users\jeff\appdata\local\{2A1F069D-D025-45BF-A374-AE5FC67DF4B7}

2011-08-03 03:21:28 -------- d-----w- c:\users\jeff\appdata\local\{14D9D6FE-E6DA-4764-B126-9F48CF74FD38}

2011-08-02 15:20:33 -------- d-----w- c:\users\jeff\appdata\local\{A5DE81DC-886A-428B-9B8C-2313AF192D4F}

2011-08-02 03:00:30 -------- d-----w- c:\users\jeff\appdata\local\{B19BFBCA-DC51-46B3-B1BB-D009F81D514D}

2011-08-01 14:59:49 -------- d-----w- c:\users\jeff\appdata\local\{2DEE788F-1FFE-47C7-A93F-CB55F8683777}

2011-08-01 02:59:12 -------- d-----w- c:\users\jeff\appdata\local\{18B73632-195A-4E06-B8D7-E53CB2D3DCBB}

2011-07-31 14:58:28 -------- d-----w- c:\users\jeff\appdata\local\{55D38408-0226-4E94-9789-0FC47B115ED8}

2011-07-31 02:45:16 -------- d-----w- c:\users\jeff\appdata\local\{CE0EA17D-0FE2-47AB-B175-921143C1D207}

2011-07-30 14:44:39 -------- d-----w- c:\users\jeff\appdata\local\{EC824DA8-FA5E-4078-B146-20AE24ED234D}

2011-07-30 02:44:02 -------- d-----w- c:\users\jeff\appdata\local\{4D02B09D-9EB7-4208-9777-A2495E28491A}

2011-07-29 14:42:38 -------- d-----w- c:\users\jeff\appdata\local\{89F5373A-EAE6-4EFB-B15C-DFD37BD46691}

2011-07-28 17:30:50 -------- d-----w- c:\users\jeff\appdata\local\{2D51118D-FCE3-485A-918C-92166EDB9EC6}

2011-07-28 16:47:46 -------- d-----w- c:\users\jeff\appdata\local\{2A2025FB-5100-401C-B339-9D8D0BAFB023}

2011-07-28 14:32:32 -------- d-----w- c:\users\jeff\appdata\local\{9AA8D397-9896-4DD4-AED3-45297E51B4E5}

2011-07-28 00:56:29 -------- d-----w- c:\users\jeff\appdata\local\{1E607BDC-9514-43FF-A5EF-CE65E21DF5AC}

2011-07-27 12:55:46 -------- d-----w- c:\users\jeff\appdata\local\{3511CCE2-0C7F-4B03-A7F2-B79076EF0F4C}

2011-07-26 18:09:25 -------- d-----w- c:\users\jeff\appdata\local\{A1A0E10D-18ED-4C13-9878-A67FEC2AF3D8}

2011-07-26 14:29:52 -------- d-----w- c:\users\jeff\appdata\local\{052C0558-0E71-4769-A150-1B4C22B78DEC}

2011-07-26 02:20:24 -------- d-----w- c:\users\jeff\appdata\local\{9970076F-21E2-4EC0-8A24-49CF458AA4E3}

2011-07-25 14:19:47 -------- d-----w- c:\users\jeff\appdata\local\{D31ED4CE-53AF-4C66-ABC4-528DD7BFAF77}

2011-07-25 02:19:10 -------- d-----w- c:\users\jeff\appdata\local\{70C8E61F-824A-448E-B858-F6317787648F}

2011-07-24 14:18:19 -------- d-----w- c:\users\jeff\appdata\local\{F9048E57-0930-40A4-8EDE-EFBEE4E7E42C}

2011-07-24 02:17:30 -------- d-----w- c:\users\jeff\appdata\local\{8C6F3007-E7B8-4DA2-8C76-4AC560834CE8}

2011-07-23 14:16:53 -------- d-----w- c:\users\jeff\appdata\local\{CD1C4E61-68C4-4C17-BE65-C6B98D17F0EC}

2011-07-23 02:16:17 -------- d-----w- c:\users\jeff\appdata\local\{CEB602AF-7793-484F-B29B-2BB397750422}

2011-07-22 14:15:40 -------- d-----w- c:\users\jeff\appdata\local\{D8BF8F4D-B10F-41DC-84AC-59862A064ED4}

2011-07-22 02:15:01 -------- d-----w- c:\users\jeff\appdata\local\{D0A3F728-8B9A-45C6-9109-D29D34862E13}

2011-07-21 14:14:22 -------- d-----w- c:\users\jeff\appdata\local\{7C9551BF-BDDE-4F86-BF5D-2FA558792C70}

2011-07-21 02:13:43 -------- d-----w- c:\users\jeff\appdata\local\{70A26D8E-6B96-483D-BECB-452CAEDBC175}

2011-07-20 14:13:06 -------- d-----w- c:\users\jeff\appdata\local\{6ED558ED-1614-45A2-9CF7-4C82B8C7A926}

2011-07-20 02:12:27 -------- d-----w- c:\users\jeff\appdata\local\{2EEB9121-1A44-40ED-B7B9-57E68E54A848}

2011-07-19 14:11:46 -------- d-----w- c:\users\jeff\appdata\local\{0E2B9764-104E-43D7-A3AF-70A7BDAA4DA8}

2011-07-19 00:33:16 -------- d-----w- c:\users\jeff\appdata\local\{57EE3DCB-1580-4058-8519-C5C400882FE7}

2011-07-18 12:32:40 -------- d-----w- c:\users\jeff\appdata\local\{2E78E9A9-B77D-446F-AD2E-18EF25B8CCD8}

.

==================== Find3M ====================

.

2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 23:20:45 285256 ----a-w- c:\windows\system32\guard32.dll

2011-07-06 23:20:44 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-07-06 23:20:44 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-07-06 23:20:43 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-06-24 19:31:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe

2011-06-23 04:33:57 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-23 04:33:57 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-21 05:34:23 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-21 05:28:33 981504 ----a-w- c:\windows\system32\wininet.dll

2011-06-15 08:55:19 86016 ----a-w- c:\windows\system32\odbccu32.dll

2011-06-15 08:55:19 81920 ----a-w- c:\windows\system32\odbccr32.dll

2011-06-15 08:55:19 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2011-06-15 08:55:19 163840 ----a-w- c:\windows\system32\odbctrac.dll

2011-06-15 08:55:19 122880 ----a-w- c:\windows\system32\odbccp32.dll

2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys

2011-06-04 21:37:57 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-06-04 21:37:57 1060864 ----a-w- c:\windows\system32\mfc71.dll

2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

.

============= FINISH: 23:57:49.16 ===============

ark.zip

Attach.zip


Alright, here are the new logs as you requested. In addition, there are times my PC freezes out of the blue; I hope this isn't bad news.

DDS log

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Jeff at 19:36:23 on 2011-08-18

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2039.1096 [GMT -4:00]

.

AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\NetLimiter 3\nlsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\NetLimiter 3\NLClientApp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [NetLimiter] c:\program files\netlimiter 3\NLClientApp.exe /tray

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{13A8665C-13A9-47DB-8F3D-A37F39BEA362} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{13A8665C-13A9-47DB-8F3D-A37F39BEA362}\C696E6B6379737 : DhcpNameServer = 10.0.0.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\ann0c5cg.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - plugin: c:\windows\system32\npOGPPlugin.dll

FF - plugin: c:\windows\system32\wat\npWatWeb.dll

.

============= SERVICES / DRIVERS ===============

.

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-1-6 19088]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 238960]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 37592]

R1 nltdi;nltdi;c:\program files\netlimiter 3\nltdi.sys [2011-3-21 5281672]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-22 22712]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys [2011-3-21 5230088]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys [2011-3-21 5230088]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-28 52224]

.

=============== Created Last 30 ================

.

2011-08-18 13:52:43 -------- d-----w- c:\users\jeff\appdata\local\{323CEBA9-4460-408E-B03A-A3607EA09F79}

2011-08-18 13:52:37 -------- d-----w- c:\users\jeff\appdata\local\{0C08BC41-51DB-4813-8B45-B2C82EAB4670}

2011-08-17 16:07:26 -------- d-----w- c:\users\jeff\appdata\local\Adobe

2011-08-17 15:55:07 -------- d-----w- c:\users\jeff\appdata\local\{E09BB758-A414-4CF6-8FD0-56B8D5436F66}

2011-08-17 15:54:45 -------- d-----w- c:\users\jeff\appdata\local\{6CE8F9D0-A12A-45EF-B363-C8F4D616CD5F}

2011-08-17 15:51:58 -------- d-----w- c:\windows\en

2011-08-17 15:42:56 -------- d-----w- c:\users\jeff\appdata\local\{AF04EB84-748C-4E69-BBF1-A45CD8FB2BA7}

2011-08-17 15:42:39 -------- d-----w- c:\users\jeff\appdata\local\{168CC768-C62F-4A5F-BC3F-3BF4C3CCBBBB}

2011-08-17 14:44:07 -------- d-----w- c:\users\jeff\appdata\local\{56F37270-C20B-45DC-85EC-907B789F58C8}

2011-08-16 21:45:11 -------- d-----w- c:\users\jeff\appdata\local\{BE6C1C2B-F053-453A-A4D8-2F06FB649C07}

2011-08-16 21:44:59 -------- d-----w- c:\users\jeff\appdata\local\{DE3F44F4-3565-41A0-971A-993ED1940D09}

2011-08-16 13:40:43 -------- d-----w- c:\users\jeff\appdata\local\{26D03C2E-E4B6-4C4B-ACF2-F4BFAFBE29E6}

2011-08-16 13:39:55 -------- d-----w- c:\users\jeff\appdata\local\{E26B86E2-FAA8-448F-8037-C985B4D9B836}

2011-08-16 00:55:07 -------- d-----w- c:\users\jeff\appdata\local\{AC25232F-61A9-4F00-8402-DF50B66FEC69}

2011-08-16 00:54:45 -------- d-----w- c:\users\jeff\appdata\local\{043005AD-86D1-4F22-AF02-6AFC13491022}

2011-08-15 23:30:53 -------- d-----w- c:\users\jeff\appdata\local\{C0692871-7DC1-449E-88D1-1A5D94AE6ECD}

2011-08-15 23:30:37 -------- d-----w- c:\users\jeff\appdata\local\{CC61C077-FE97-47D3-85FC-8B9E5296C125}

2011-08-15 23:21:00 -------- d-sh--w- C:\$RECYCLE.BIN

2011-08-15 23:04:08 -------- d-----w- c:\users\jeff\appdata\local\{9F196C3C-665C-44B0-B1F7-3ED88BEAB750}

2011-08-15 23:03:53 -------- d-----w- c:\users\jeff\appdata\local\{3AAB2031-8EAC-420F-8DDA-FC105FCC7602}

2011-08-15 22:45:46 -------- d-----w- c:\users\jeff\appdata\local\temp

2011-08-15 22:29:05 98816 ----a-w- c:\windows\sed.exe

2011-08-15 22:29:05 518144 ----a-w- c:\windows\SWREG.exe

2011-08-15 22:29:05 256000 ----a-w- c:\windows\PEV.exe

2011-08-15 22:29:05 208896 ----a-w- c:\windows\MBR.exe

2011-08-15 22:03:57 388096 ----a-r- c:\users\jeff\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-08-15 22:03:57 -------- d-----w- c:\program files\Trend Micro

2011-08-15 18:29:58 -------- d-----w- c:\users\jeff\appdata\roaming\WinPatrol

2011-08-15 18:29:44 -------- d-----w- c:\program files\BillP Studios

2011-08-15 18:24:46 -------- d-----w- c:\users\jeff\appdata\local\{87FD7853-F62F-43FC-8B75-7A6CD4FBF703}

2011-08-15 18:24:18 -------- d-----w- c:\users\jeff\appdata\local\{BC23525B-D3C7-4250-96F0-EDE88D4D60BB}

2011-08-15 14:11:30 -------- d-----w- c:\users\jeff\appdata\local\{6C2B4CE8-0294-4554-956A-D61BEF5121FA}

2011-08-15 14:11:16 -------- d-----w- c:\users\jeff\appdata\local\{8C7BEF02-9420-4BEE-8666-BF0B37E3EB92}

2011-08-15 04:05:52 -------- d-----w- c:\users\jeff\appdata\local\{0FF88B1F-EE54-42CA-B7E0-CD69BE6CC502}

2011-08-15 04:02:36 -------- d-----w- c:\users\jeff\appdata\local\{DC12DB89-AB06-42F7-A973-73D925F16E3C}

2011-08-14 21:21:15 -------- d-----w- c:\users\jeff\appdata\local\{C37B4AE6-0305-44CA-8C23-6F65E467AFB7}

2011-08-14 13:01:52 -------- d-----w- c:\users\jeff\appdata\local\{ECE268D0-8AAB-446E-92D5-0FDFC3046465}

2011-08-14 13:01:35 -------- d-----w- c:\users\jeff\appdata\local\{D269DDBB-C52F-489E-9547-02C58A5BCDBA}

2011-08-13 20:06:55 -------- d-----w- c:\users\jeff\appdata\local\{1DD6824E-753F-423F-947C-0A4DB741760E}

2011-08-13 20:06:32 -------- d-----w- c:\users\jeff\appdata\local\{37032D26-DEE6-4AF8-8E75-F686691D9CF9}

2011-08-13 15:51:15 -------- d-----w- c:\users\jeff\appdata\local\{657EF95E-7529-4C9F-AAC4-6EF5DCD83C09}

2011-08-13 15:50:57 -------- d-----w- c:\users\jeff\appdata\local\{DF98BBDC-F461-4888-BD59-FEF2BC354AE3}

2011-08-12 20:19:02 -------- d-----w- c:\users\jeff\appdata\local\{927A204B-D3A1-46A7-A565-79E61A6D9F1C}

2011-08-12 20:18:41 -------- d-----w- c:\users\jeff\appdata\local\{7E63C30A-7089-4CD1-A8BF-68BBEB16680B}

2011-08-12 16:21:27 -------- d-----w- c:\users\jeff\appdata\local\{E24F6F68-3C9A-4559-92FC-A3C2AF7D676D}

2011-08-12 00:32:56 -------- d-----w- c:\users\jeff\appdata\local\{73C89FB7-BF0D-4BAB-80BD-FBA33C9DB3AD}

2011-08-12 00:32:32 -------- d-----w- c:\users\jeff\appdata\local\{97D0A97B-D4FC-4DF7-96FD-555C45DC1098}

2011-08-11 19:17:33 -------- d-----w- c:\users\jeff\appdata\local\{2959C78A-5E21-4CE4-B554-DCC95B3A0C32}

2011-08-11 19:17:11 -------- d-----w- c:\users\jeff\appdata\local\{BE8C54BA-B58D-464B-A8AD-E53AA1F16817}

2011-08-11 15:19:59 -------- d-----w- c:\users\jeff\appdata\local\{F46CAC64-CBED-4F3C-8A6F-24A9DE242222}

2011-08-11 15:18:14 -------- d-----w- c:\users\jeff\appdata\local\{F36F07C5-4ADF-4D6E-85A5-D8237277F0D2}

2011-08-10 22:47:24 -------- d-----w- c:\users\jeff\appdata\local\{15CE63BE-00E2-400B-8E15-F24341E9D5F5}

2011-08-10 21:51:47 -------- d-----w- c:\users\jeff\appdata\local\{21C71961-77B2-4521-A66C-4B11CC1A8479}

2011-08-10 21:51:26 -------- d-----w- c:\users\jeff\appdata\local\{E425A11C-E19B-429D-A721-67A6ABF5952B}

2011-08-10 19:05:17 -------- d-----w- c:\users\jeff\appdata\local\{4F5836DE-2553-4586-867C-B8EAC045BDA6}

2011-08-10 19:04:53 -------- d-----w- c:\users\jeff\appdata\local\{B112822B-DB71-4882-BEE2-B6F081C77131}

2011-08-10 14:59:17 -------- d-----w- c:\users\jeff\appdata\local\{440FCFEB-70F4-42C5-8782-C10016967ECF}

2011-08-10 14:58:33 -------- d-----w- c:\users\jeff\appdata\local\{BE49CA57-9501-4D1D-9873-88247794A9BB}

2011-08-09 19:13:13 -------- d-----w- c:\users\jeff\appdata\local\{9609BAB9-6253-455C-920C-4D9AD3F5C04A}

2011-08-09 19:12:41 -------- d-----w- c:\users\jeff\appdata\local\{95E838F0-8C82-467F-9EFE-0BB9D55F0792}

2011-08-09 14:19:20 -------- d-----w- c:\users\jeff\appdata\local\{5852E7B4-27D9-4A1B-B67E-6DC56D2DB6DB}

2011-08-09 14:18:41 -------- d-----w- c:\users\jeff\appdata\local\{C1DF09D2-7F01-4A24-B3E1-CB867007559E}

2011-08-08 18:54:52 -------- d-----w- c:\users\jeff\appdata\local\{3D146B0F-7E6E-4BEE-A85D-3B884572EFA1}

2011-08-08 18:54:40 -------- d-----w- c:\users\jeff\appdata\local\{BFF8AB36-2793-4195-BF78-9E9A3BED2E01}

2011-08-08 16:53:20 -------- d-----w- c:\users\jeff\appdata\local\{F56E1569-ECD1-4A97-A171-5637E565FEF0}

2011-08-08 16:52:57 -------- d-----w- c:\users\jeff\appdata\local\{846DBF69-A710-415C-9B03-292267EC4439}

2011-08-08 11:58:11 -------- d-----w- c:\users\jeff\appdata\local\{A8B83924-93DC-4E41-8615-1A27683DF433}

2011-08-08 11:57:56 -------- d-----w- c:\users\jeff\appdata\local\{E2A4064A-A890-4F9E-9461-28025FC73F6D}

2011-08-07 19:14:05 -------- d-----w- c:\users\jeff\appdata\local\{170EA38F-00C4-4036-B582-A49C224C4F68}

2011-08-07 19:13:51 -------- d-----w- c:\users\jeff\appdata\local\{480040F2-7C52-41EF-8A73-0304DC5784C0}

2011-08-07 15:54:27 -------- d-----w- c:\users\jeff\appdata\local\{010AA087-14A1-4CFC-B59F-9F46E04E9371}

2011-08-07 15:53:50 -------- d-----w- c:\users\jeff\appdata\local\{5B0782B1-BD61-498F-81C0-77E5BE9112C0}

2011-08-06 20:49:25 -------- d-----w- c:\users\jeff\appdata\local\{95ACC9E2-3AE7-471C-A6A7-B9754B92AA40}

2011-08-06 20:47:47 -------- d-----w- c:\users\jeff\appdata\local\{AD16F23E-C630-4B9B-9932-2ECC45E50464}

2011-08-06 15:04:34 -------- d-----w- c:\users\jeff\appdata\local\{C9A517A6-4E79-44F7-BC82-B2CD62FD3103}

2011-08-06 15:03:27 -------- d-----w- c:\users\jeff\appdata\local\{457262C0-F1EF-4F1B-8424-A3768AD6EDB6}

2011-08-05 23:42:15 -------- d-----w- c:\users\jeff\appdata\local\{4E25A175-AFA4-4B02-9F27-C2B0815BE686}

2011-08-05 23:41:59 -------- d-----w- c:\users\jeff\appdata\local\{AD0FD14B-231D-47A5-9EDD-CA465A43F3FF}

2011-08-05 18:52:41 -------- d-----w- c:\users\jeff\appdata\local\{1D999DCD-A30B-41ED-8712-1D0DA87AF4F1}

2011-08-05 18:52:02 -------- d-----w- c:\users\jeff\appdata\local\{D2CF8223-6304-42BB-B716-A9912989D4DD}

2011-08-05 16:16:06 -------- d-----w- c:\users\jeff\appdata\local\{3A1D1557-2CB0-4E6F-A1D2-9A3B15F6627E}

2011-08-05 16:14:51 -------- d-----w- c:\users\jeff\appdata\local\{A884E5DF-EA19-4337-A36F-75059C69A98E}

2011-08-04 19:06:32 -------- d-----w- c:\users\jeff\appdata\local\{203A9D0B-80B6-4AE7-ABDB-D02BBAE7294A}

2011-08-04 19:05:55 -------- d-----w- c:\users\jeff\appdata\local\{D5F7C74E-E071-4A38-A42C-4CBDE5E42A9E}

2011-08-04 15:09:45 -------- d-----w- c:\users\jeff\appdata\local\{CEDE6ED5-5E80-4FDF-9D9A-07996DDFA8ED}

2011-08-04 15:08:00 -------- d-----w- c:\users\jeff\appdata\local\{4C559978-706C-413C-ABBE-EBD9FBB5DC3D}

2011-08-03 19:04:40 -------- d-----w- c:\users\jeff\appdata\local\{ACBBC842-488E-47B4-A23A-C97B6962ABF5}

2011-08-03 19:04:03 -------- d-----w- c:\users\jeff\appdata\local\{BF67F9B6-AB6A-44A1-991F-79C9348552A1}

2011-08-03 17:13:45 -------- d-----w- c:\users\jeff\appdata\local\{63761A52-01FB-4D41-81AB-641C7F00BC95}

2011-08-03 17:13:31 -------- d-----w- c:\users\jeff\appdata\local\{F2B3A0A9-4C8E-453C-A46F-752F4DDDBA1E}

2011-08-03 14:41:55 -------- d-----w- c:\users\jeff\appdata\local\{A32F458F-98CA-4039-B697-4B95A3BCA847}

2011-08-03 14:41:34 -------- d-----w- c:\users\jeff\appdata\local\{2A1F069D-D025-45BF-A374-AE5FC67DF4B7}

2011-08-03 03:21:28 -------- d-----w- c:\users\jeff\appdata\local\{14D9D6FE-E6DA-4764-B126-9F48CF74FD38}

2011-08-02 15:20:33 -------- d-----w- c:\users\jeff\appdata\local\{A5DE81DC-886A-428B-9B8C-2313AF192D4F}

2011-08-02 03:00:30 -------- d-----w- c:\users\jeff\appdata\local\{B19BFBCA-DC51-46B3-B1BB-D009F81D514D}

2011-08-01 14:59:49 -------- d-----w- c:\users\jeff\appdata\local\{2DEE788F-1FFE-47C7-A93F-CB55F8683777}

2011-08-01 02:59:12 -------- d-----w- c:\users\jeff\appdata\local\{18B73632-195A-4E06-B8D7-E53CB2D3DCBB}

2011-07-31 14:58:28 -------- d-----w- c:\users\jeff\appdata\local\{55D38408-0226-4E94-9789-0FC47B115ED8}

2011-07-31 02:45:16 -------- d-----w- c:\users\jeff\appdata\local\{CE0EA17D-0FE2-47AB-B175-921143C1D207}

2011-07-30 14:44:39 -------- d-----w- c:\users\jeff\appdata\local\{EC824DA8-FA5E-4078-B146-20AE24ED234D}

2011-07-30 02:44:02 -------- d-----w- c:\users\jeff\appdata\local\{4D02B09D-9EB7-4208-9777-A2495E28491A}

2011-07-29 14:42:38 -------- d-----w- c:\users\jeff\appdata\local\{89F5373A-EAE6-4EFB-B15C-DFD37BD46691}

2011-07-28 17:30:50 -------- d-----w- c:\users\jeff\appdata\local\{2D51118D-FCE3-485A-918C-92166EDB9EC6}

2011-07-28 16:47:46 -------- d-----w- c:\users\jeff\appdata\local\{2A2025FB-5100-401C-B339-9D8D0BAFB023}

2011-07-28 14:32:32 -------- d-----w- c:\users\jeff\appdata\local\{9AA8D397-9896-4DD4-AED3-45297E51B4E5}

2011-07-28 00:56:29 -------- d-----w- c:\users\jeff\appdata\local\{1E607BDC-9514-43FF-A5EF-CE65E21DF5AC}

2011-07-27 12:55:46 -------- d-----w- c:\users\jeff\appdata\local\{3511CCE2-0C7F-4B03-A7F2-B79076EF0F4C}

2011-07-26 18:09:25 -------- d-----w- c:\users\jeff\appdata\local\{A1A0E10D-18ED-4C13-9878-A67FEC2AF3D8}

2011-07-26 14:29:52 -------- d-----w- c:\users\jeff\appdata\local\{052C0558-0E71-4769-A150-1B4C22B78DEC}

2011-07-26 02:20:24 -------- d-----w- c:\users\jeff\appdata\local\{9970076F-21E2-4EC0-8A24-49CF458AA4E3}

2011-07-25 14:19:47 -------- d-----w- c:\users\jeff\appdata\local\{D31ED4CE-53AF-4C66-ABC4-528DD7BFAF77}

2011-07-25 02:19:10 -------- d-----w- c:\users\jeff\appdata\local\{70C8E61F-824A-448E-B858-F6317787648F}

2011-07-24 14:18:19 -------- d-----w- c:\users\jeff\appdata\local\{F9048E57-0930-40A4-8EDE-EFBEE4E7E42C}

2011-07-24 02:17:30 -------- d-----w- c:\users\jeff\appdata\local\{8C6F3007-E7B8-4DA2-8C76-4AC560834CE8}

2011-07-23 14:16:53 -------- d-----w- c:\users\jeff\appdata\local\{CD1C4E61-68C4-4C17-BE65-C6B98D17F0EC}

2011-07-23 02:16:17 -------- d-----w- c:\users\jeff\appdata\local\{CEB602AF-7793-484F-B29B-2BB397750422}

2011-07-22 14:15:40 -------- d-----w- c:\users\jeff\appdata\local\{D8BF8F4D-B10F-41DC-84AC-59862A064ED4}

2011-07-22 02:15:01 -------- d-----w- c:\users\jeff\appdata\local\{D0A3F728-8B9A-45C6-9109-D29D34862E13}

2011-07-21 14:14:22 -------- d-----w- c:\users\jeff\appdata\local\{7C9551BF-BDDE-4F86-BF5D-2FA558792C70}

2011-07-21 02:13:43 -------- d-----w- c:\users\jeff\appdata\local\{70A26D8E-6B96-483D-BECB-452CAEDBC175}

2011-07-20 14:13:06 -------- d-----w- c:\users\jeff\appdata\local\{6ED558ED-1614-45A2-9CF7-4C82B8C7A926}

2011-07-20 02:12:27 -------- d-----w- c:\users\jeff\appdata\local\{2EEB9121-1A44-40ED-B7B9-57E68E54A848}

.

==================== Find3M ====================

.

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 23:20:45 285256 ----a-w- c:\windows\system32\guard32.dll

2011-07-06 23:20:44 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-07-06 23:20:44 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-07-06 23:20:43 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-06-24 19:31:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe

2011-06-23 04:33:57 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-23 04:33:57 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-21 05:34:23 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-15 08:55:19 86016 ----a-w- c:\windows\system32\odbccu32.dll

2011-06-15 08:55:19 81920 ----a-w- c:\windows\system32\odbccr32.dll

2011-06-15 08:55:19 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2011-06-15 08:55:19 163840 ----a-w- c:\windows\system32\odbctrac.dll

2011-06-15 08:55:19 122880 ----a-w- c:\windows\system32\odbccp32.dll

2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys

2011-06-04 21:37:57 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-06-04 21:37:57 1060864 ----a-w- c:\windows\system32\mfc71.dll

2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

.

============= FINISH: 19:40:24.10 ===============

DDS (Ver_2011-06-23.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 22-Apr-11 9:24:59 PM

System Uptime: 18-Aug-11 7:17:30 PM (0 hours ago)

.

Motherboard: Hewlett-Packard | | 30D5

Processor: Intel® Core Duo CPU T2700 @ 2.33GHz | U10 | 979/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 58.763 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP107: 14-Aug-11 11:57:57 AM - Scheduled Checkpoint

RP108: 15-Aug-11 2:01:12 PM - Windows Modules Installer

RP109: 15-Aug-11 5:15:58 PM - CheckIfInstallerIsBusy

RP110: 15-Aug-11 6:03:28 PM - Installed HiJackThis

RP111: 15-Aug-11 6:24:35 PM - Installed Java 6 Update 26

RP112: 16-Aug-11 5:46:13 PM - Windows Update

RP113: 17-Aug-11 11:44:45 AM - CheckIfInstallerIsBusy

RP115: 17-Aug-11 11:46:09 AM - Windows Live Essentials

RP117: 17-Aug-11 11:47:05 AM - Installed DirectX

RP119: 17-Aug-11 11:47:32 AM - Installed DirectX

RP120: 17-Aug-11 11:49:08 AM - WLSetup

.

==== Installed Programs ======================

.

7-Zip 9.20

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.0)

Adobe Shockwave Player 11.5

Apple Software Update

Artech 1.0.4.4

CCleaner

COMODO Internet Security

D3DX10

Gamepower7 1.0.5.17

HiJackThis

Intel® Graphics Media Accelerator Driver

Intel® Network Connections Drivers

Java Auto Updater

Java 6 Update 26

Kicks_Online

Malwarebytes' Anti-Malware version 1.51.1.1800

Microsoft Application Error Reporting

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 6.0 (x86 en-US)

MSVCRT

NetLimiter 3

OpenOffice.org 3.3

Spybot - Search & Destroy

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

18-Aug-11 7:18:02 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

18-Aug-11 7:17:48 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

==== End Of File ===========================

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-08-18 20:12:26

Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1200BEVS-60UST0 rev.01.01A01

Running: wgd9dl1w.exe; Driver: C:\Users\Jeff\AppData\Local\Temp\pxldypog.sys


(second part)

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-08-18 20:12:26

Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1200BEVS-60UST0 rev.01.01A01

Running: wgd9dl1w.exe; Driver: C:\Users\Jeff\AppData\Local\Temp\pxldypog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x88ECBDA4]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x88ECD34C]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x88ECBF90]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x88ECB0CE]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x88ECBA0A]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x88ECAFAE]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x88ECB79E]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x88ECCFDE]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x88ECA99A]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x88ECC09E]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x88ECC9EE]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x88ECB396]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x88ECBBE6]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x88ECB63A]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x88ECC48A]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x88ECC73E]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x88ECCCE6]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x88ECB300]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x88ECB526]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x88ECADB0]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x88ECAB9E]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82A7C349 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB5D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82ABCD8C 4 Bytes [A4, BD, EC, 88]

.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82ABCDB4 8 Bytes [4C, D3, EC, 88, 90, BF, EC, ...]

.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82ABCE48 4 Bytes [CE, B0, EC, 88]

.text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82ABCE64 4 Bytes [0A, BA, EC, 88]

.text ntkrnlpa.exe!KeRemoveQueueEx + 11DB 82ABCE90 4 Bytes [AE, AF, EC, 88]

.text ...

PAGE spsys.sys!?SPRevision@@3PADA + 4F90 87E2F000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 50B3 87E2F123 629 Bytes [A5, E2, 87, FE, 05, 34, A5, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 5329 87E2F399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 538F 87E2F3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 543B 87E2F4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]

PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\wininit.exe[456] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\wininit.exe[456] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\wininit.exe[456] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\wininit.exe[456] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\wininit.exe[456] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\wininit.exe[456] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\wininit.exe[456] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\wininit.exe[456] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\services.exe[508] ntdll.dll!NtAlpcSendWaitReceivePort 77565418 5 Bytes JMP 100285D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\services.exe[508] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\services.exe[508] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\services.exe[508] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\services.exe[508] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\services.exe[508] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\services.exe[508] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\services.exe[508] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\services.exe[508] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\lsass.exe[516] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\lsass.exe[516] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\lsass.exe[516] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\lsass.exe[516] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\lsass.exe[516] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\lsass.exe[516] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\lsass.exe[516] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\lsass.exe[516] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\lsm.exe[524] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\lsm.exe[524] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\lsm.exe[524] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\lsm.exe[524] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\lsm.exe[524] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\lsm.exe[524] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\lsm.exe[524] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\lsm.exe[524] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[676] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[676] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[676] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[676] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[676] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[676] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[676] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[676] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[756] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[756] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[756] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[756] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[756] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[756] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[756] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[756] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[804] ntdll.dll!NtAllocateVirtualMemory 775652D8 5 Bytes JMP 005190B0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[804] ntdll.dll!NtCreateFile 775655C8 5 Bytes JMP 00531040 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[888] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[888] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[888] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[888] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[888] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[932] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[932] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[932] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[932] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[932] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[932] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[932] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[932] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[932] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[932] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\dds.scr[968] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\dds.scr[968] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\dds.scr[968] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\dds.scr[968] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\dds.scr[968] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\dds.scr[968] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\dds.scr[968] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\dds.scr[968] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\dds.scr[968] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\dds.scr[968] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[972] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[972] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[972] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[972] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[972] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\svchost.exe[972] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1008] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1008] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1008] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\AUDIODG.EXE[1092] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\AUDIODG.EXE[1092] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\AUDIODG.EXE[1092] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\AUDIODG.EXE[1092] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\AUDIODG.EXE[1092] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\AUDIODG.EXE[1092] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\AUDIODG.EXE[1092] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\AUDIODG.EXE[1092] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\AUDIODG.EXE[1092] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\AUDIODG.EXE[1092] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1104] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1104] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1104] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1104] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1104] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1104] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1104] ADVAPI32.dll!CreateProcessAsUserA


Third part

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1104] USER32.dll!GetWindowInfo 76EC4B5E 5 Bytes JMP 67461BD2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1104] USER32.dll!TrackPopupMenu 76ED2228 5 Bytes JMP 6746219D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1104] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1104] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1104] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1184] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1184] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1184] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1184] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1184] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1184] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\spoolsv.exe[1500] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\spoolsv.exe[1500] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\spoolsv.exe[1500] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\spoolsv.exe[1500] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\spoolsv.exe[1500] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\spoolsv.exe[1500] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\spoolsv.exe[1500] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\spoolsv.exe[1500] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\spoolsv.exe[1500] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\spoolsv.exe[1500] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1528] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1528] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1528] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1528] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1528] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1528] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\nlsvc.exe[1616] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\nlsvc.exe[1616] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\nlsvc.exe[1616] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\nlsvc.exe[1616] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\nlsvc.exe[1616] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\nlsvc.exe[1616] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\nlsvc.exe[1616] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\nlsvc.exe[1616] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\nlsvc.exe[1616] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\nlsvc.exe[1616] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1664] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1664] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1664] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1664] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1756] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1756] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1756] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1756] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1756] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1756] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1756] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1756] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1756] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1756] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\cmd.exe[1804] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\cmd.exe[1804] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\cmd.exe[1804] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\cmd.exe[1804] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\cmd.exe[1804] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\cmd.exe[1804] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\cmd.exe[1804] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\cmd.exe[1804] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1836] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1836] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1836] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1836] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1836] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1836] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1836] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1836] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1916] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1916] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1916] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1916] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1916] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1916] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1916] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1916] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1916] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1916] advapi32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1940] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1940] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1940] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1940] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1940] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1940] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1940] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1940] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1940] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[1940] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2072] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2072] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2072] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2072] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2072] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2072] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2072] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2072] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2072] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2072] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\Dwm.exe[2136] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\Dwm.exe[2136] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\Dwm.exe[2136] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\Dwm.exe[2136] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\Dwm.exe[2136] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\Dwm.exe[2136] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\Dwm.exe[2136] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\Dwm.exe[2136] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\Dwm.exe[2136] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\Dwm.exe[2136] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\wgd9dl1w.exe[2152] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\wgd9dl1w.exe[2152] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\wgd9dl1w.exe[2152] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\wgd9dl1w.exe[2152] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\wgd9dl1w.exe[2152] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\wgd9dl1w.exe[2152] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\wgd9dl1w.exe[2152] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\wgd9dl1w.exe[2152] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\wgd9dl1w.exe[2152] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Users\Jeff\Downloads\wgd9dl1w.exe[2152] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\Explorer.EXE[2200] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\Explorer.EXE[2200] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\Explorer.EXE[2200] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\Explorer.EXE[2200] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\Explorer.EXE[2200] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\Explorer.EXE[2200] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\Explorer.EXE[2200] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\Explorer.EXE[2200] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\Explorer.EXE[2200] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\Explorer.EXE[2200] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\conhost.exe[2448] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\conhost.exe[2448] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\conhost.exe[2448] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\conhost.exe[2448] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\conhost.exe[2448] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\conhost.exe[2448] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\conhost.exe[2448] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\conhost.exe[2448] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\conhost.exe[2448] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\conhost.exe[2448] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxtray.exe[2528] ntdll.dll!NtClose 775654C8 5 Bytes JMP 0116CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxtray.exe[2528] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 0116CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxtray.exe[2528] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 01175680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxtray.exe[2528] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 011726F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxtray.exe[2528] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 01173280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxtray.exe[2528] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 01171220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxtray.exe[2528] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 0117DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxtray.exe[2528] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 01171B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxtray.exe[2528] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 0117E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxtray.exe[2528] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 0117E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\hkcmd.exe[2540] ntdll.dll!NtClose 775654C8 5 Bytes JMP 0115CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\hkcmd.exe[2540] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 0115CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\hkcmd.exe[2540] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 01165680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\hkcmd.exe[2540] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 011626F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\hkcmd.exe[2540] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 01163280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\hkcmd.exe[2540] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 01161220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\hkcmd.exe[2540] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 0116DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\hkcmd.exe[2540] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 01161B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\hkcmd.exe[2540] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 0116E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\hkcmd.exe[2540] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 0116E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\igfxsrvc.exe[2580] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\igfxsrvc.exe[2580] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\igfxsrvc.exe[2580] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\igfxsrvc.exe[2580] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\igfxsrvc.exe[2580] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\igfxsrvc.exe[2580] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\igfxsrvc.exe[2580] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\igfxsrvc.exe[2580] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\igfxsrvc.exe[2580] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\igfxsrvc.exe[2580] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxpers.exe[2588] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxpers.exe[2588] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxpers.exe[2588] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxpers.exe[2588] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxpers.exe[2588] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxpers.exe[2588] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxpers.exe[2588] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxpers.exe[2588] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxpers.exe[2588] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\System32\igfxpers.exe[2588] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2608] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2608] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2608] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2608] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2608] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2608] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2608] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2608] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2608] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2608] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2640] ntdll.dll!NtAllocateVirtualMemory 775652D8 5 Bytes JMP 0074CB10 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)


Fourth part

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2676] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2676] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2676] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2676] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2676] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2676] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2676] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2676] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2732] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2732] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2732] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2732] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2732] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2732] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2732] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2732] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2732] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2732] advapi32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2856] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2856] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2856] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2856] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2856] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2856] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2856] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2856] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2856] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\taskhost.exe[2856] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!NtAllocateVirtualMemory 775652D8 5 Bytes JMP 10027E50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!NtCreateFile 775655C8 5 Bytes JMP 10027E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!NtCreateProcess 77565698 5 Bytes JMP 10027ED0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!NtCreateProcessEx 775656A8 5 Bytes JMP 10027EB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!NtDeleteFile 77565808 5 Bytes JMP 10027E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!NtFreeVirtualMemory 775659D8 5 Bytes JMP 100274E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!NtLoadDriver 77565B58 5 Bytes JMP 10027E30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!NtOpenFile 77565CD8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!NtProtectVirtualMemory 77565F18 5 Bytes JMP 10027490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!NtSetInformationProcess 77566678 5 Bytes JMP 10027DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!NtUnloadDriver 77566958 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!NtWriteVirtualMemory 77566A98 5 Bytes JMP 10027E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!KiUserExceptionDispatcher 77567008 5 Bytes JMP 100277A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!RtlAllocateHeap 77572DD6 5 Bytes JMP 10027530 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!LdrGetProcedureAddress 7758228D 5 Bytes JMP 10027D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!CopyFileW 761B6AF7 5 Bytes JMP 10027C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!CopyFileExW 761BB238 7 Bytes JMP 10027C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!DeleteFileW 761C16EF 5 Bytes JMP 10027B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!VirtualProtect 761C2BCD 5 Bytes JMP 10027A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!DeleteFileA 761C4382 5 Bytes JMP 10027B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!LoadLibraryExA 761C4466 5 Bytes JMP 10027D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!LoadLibraryExW 761C5079 5 Bytes JMP 10027D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!MoveFileWithProgressW 761C8D8C 5 Bytes JMP 10027B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!MoveFileExW 761C8DB0 5 Bytes JMP 10027BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!GetProcAddress 761CCC94 5 Bytes JMP 10027D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!GetModuleHandleW 761CCCAC 5 Bytes JMP 10027AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!GetModuleHandleA 761CD8F3 5 Bytes JMP 10027B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!LoadLibraryA 761CDC65 5 Bytes JMP 10027AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!CreateFileW 761CE8A5 5 Bytes JMP 10027CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!CreateFileA 761CEA61 5 Bytes JMP 10027CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!LoadLibraryW 761CEF42 5 Bytes JMP 10027AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!OpenFile 761DD54F 5 Bytes JMP 10027CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!MoveFileExA 761E3F78 5 Bytes JMP 10027BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!MoveFileWithProgressA 761E3F98 5 Bytes JMP 10027B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!CopyFileA 761E6D5A 5 Bytes JMP 10027C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!MoveFileW 761E6ED6 5 Bytes JMP 10027BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!MoveFileA 7620BF49 5 Bytes JMP 10027C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!CopyFileExA 7620CDA1 5 Bytes JMP 10027C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!WinExec 7620EDB2 5 Bytes JMP 10027A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] kernel32.dll!LoadModule 7620F29D 5 Bytes JMP 10027D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] WS2_32.dll!WSASocketW 770B3CD3 7 Bytes JMP 10027970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] WS2_32.dll!WSASocketA 770BC82A 5 Bytes JMP 10027990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] SHELL32.dll!ShellExecuteW 76273C71 5 Bytes JMP 10027A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] SHELL32.dll!ShellExecuteExW 76281E46 5 Bytes JMP 100279F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] SHELL32.dll!ShellExecuteEx 764A6FDD 5 Bytes JMP 10027A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] SHELL32.dll!ShellExecuteA 764A7078 5 Bytes JMP 10027A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] WININET.dll!InternetConnectA 75B35456 5 Bytes JMP 100279D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2884] WININET.dll!InternetConnectW 75B35AD2 5 Bytes JMP 100279B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\NLClientApp.exe[2936] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\NLClientApp.exe[2936] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\NLClientApp.exe[2936] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\NLClientApp.exe[2936] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\NLClientApp.exe[2936] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\NLClientApp.exe[2936] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\NLClientApp.exe[2936] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\NLClientApp.exe[2936] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\NLClientApp.exe[2936] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\NetLimiter 3\NLClientApp.exe[2936] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\SearchIndexer.exe[2980] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\SearchIndexer.exe[2980] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\SearchIndexer.exe[2980] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\SearchIndexer.exe[2980] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\SearchIndexer.exe[2980] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\SearchIndexer.exe[2980] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\SearchIndexer.exe[2980] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\SearchIndexer.exe[2980] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\SearchIndexer.exe[2980] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\SearchIndexer.exe[2980] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[3148] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[3148] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[3148] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[3148] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[3148] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[3148] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[3148] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[3148] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[3148] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\svchost.exe[3148] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!NtAllocateVirtualMemory 775652D8 5 Bytes JMP 10027E50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!NtCreateFile 775655C8 5 Bytes JMP 10027E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!NtCreateProcess 77565698 5 Bytes JMP 10027ED0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!NtCreateProcessEx 775656A8 5 Bytes JMP 10027EB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!NtDeleteFile 77565808 5 Bytes JMP 10027E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!NtFreeVirtualMemory 775659D8 5 Bytes JMP 100274E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!NtLoadDriver 77565B58 5 Bytes JMP 10027E30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!NtOpenFile 77565CD8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!NtProtectVirtualMemory 77565F18 5 Bytes JMP 10027490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!NtSetInformationProcess 77566678 5 Bytes JMP 10027DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!NtUnloadDriver 77566958 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!NtWriteVirtualMemory 77566A98 5 Bytes JMP 10027E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!KiUserExceptionDispatcher 77567008 5 Bytes JMP 100277A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!RtlAllocateHeap 77572DD6 5 Bytes JMP 10027530 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!LdrGetProcedureAddress 7758228D 5 Bytes JMP 10027D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!CopyFileW 761B6AF7 5 Bytes JMP 10027C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!CopyFileExW 761BB238 7 Bytes JMP 10027C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!DeleteFileW 761C16EF 5 Bytes JMP 10027B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!VirtualProtect 761C2BCD 5 Bytes JMP 10027A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!DeleteFileA 761C4382 5 Bytes JMP 10027B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!LoadLibraryExA 761C4466 5 Bytes JMP 10027D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!LoadLibraryExW 761C5079 5 Bytes JMP 10027D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!MoveFileWithProgressW 761C8D8C 5 Bytes JMP 10027B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!MoveFileExW 761C8DB0 5 Bytes JMP 10027BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!GetProcAddress 761CCC94 5 Bytes JMP 10027D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!GetModuleHandleW 761CCCAC 5 Bytes JMP 10027AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!GetModuleHandleA 761CD8F3 5 Bytes JMP 10027B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!LoadLibraryA 761CDC65 5 Bytes JMP 10027AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!CreateFileW 761CE8A5 5 Bytes JMP 10027CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!CreateFileA 761CEA61 5 Bytes JMP 10027CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!LoadLibraryW 761CEF42 5 Bytes JMP 10027AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!OpenFile 761DD54F 5 Bytes JMP 10027CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!MoveFileExA 761E3F78 5 Bytes JMP 10027BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!MoveFileWithProgressA 761E3F98 5 Bytes JMP 10027B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!CopyFileA 761E6D5A 5 Bytes JMP 10027C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!MoveFileW 761E6ED6 5 Bytes JMP 10027BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!MoveFileA 7620BF49 5 Bytes JMP 10027C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!CopyFileExA 7620CDA1 5 Bytes JMP 10027C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!WinExec 7620EDB2 5 Bytes JMP 10027A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] kernel32.dll!LoadModule 7620F29D 5 Bytes JMP 10027D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] WS2_32.dll!WSASocketW 770B3CD3 7 Bytes JMP 10027970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] WS2_32.dll!WSASocketA 770BC82A 5 Bytes JMP 10027990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] USER32.dll!GetWindowInfo 76EC4B5E 5 Bytes JMP 67468C14 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] SHELL32.dll!ShellExecuteW 76273C71 5 Bytes JMP 10027A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] SHELL32.dll!ShellExecuteExW 76281E46 5 Bytes JMP 100279F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] SHELL32.dll!ShellExecuteEx 764A6FDD 5 Bytes JMP 10027A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] SHELL32.dll!ShellExecuteA 764A7078 5 Bytes JMP 10027A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3216] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3700] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3700] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3700] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3700] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3700] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3700] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3700] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3700] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3700] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3700] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\sppsvc.exe[3844] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\sppsvc.exe[3844] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\sppsvc.exe[3844] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\sppsvc.exe[3844] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\sppsvc.exe[3844] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\sppsvc.exe[3844] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\sppsvc.exe[3844] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\sppsvc.exe[3844] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\sppsvc.exe[3844] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Windows\system32\sppsvc.exe[3844] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3868] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3868] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3868] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3868] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3868] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3868] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3868] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3868] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3868] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3868] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3924] ntdll.dll!NtClose 775654C8 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3924] ntdll.dll!LdrUnloadDll 7757C8DE 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3924] ntdll.dll!LdrLoadDll 775822B8 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3924] kernel32.dll!CreateProcessW 7618204D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3924] kernel32.dll!CreateProcessA 76182082 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3924] kernel32.dll!CreateProcessAsUserW 761B59AF 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3924] ADVAPI32.dll!CreateProcessAsUserA 75A02538 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3924] USER32.dll!EndTask 76EFFD66 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3924] ole32.dll!CoGetClassObject 773F54AD 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3924] ole32.dll!CoCreateInstanceEx 77409D4E 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\mbr \Device\mbr 87E97CDE

---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes

---- EOF - GMER 1.0.15 ----


I was looking for a Combofix scan.

Please do not attach the scan results from Combofix. Use copy/paste.

DO NOT use any TOOLS such as Combofix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Alright, I ran Combofix with everything disabled.

ComboFix 11-08-18.03 - Jeff 19-Aug-11 10:26:22.4.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2039.1251 [GMT -4:00]

Running from: c:\users\Jeff\Desktop\ComboFix.exe

AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}

FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-07-19 to 2011-08-19 )))))))))))))))))))))))))))))))

.

.

2011-08-19 14:33 . 2011-08-19 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-19 03:34 . 2011-08-19 03:34 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-08-19 03:31 . 2011-08-19 06:00 -------- dc----w- c:\windows\system32\DRVSTORE

2011-08-19 03:30 . 2011-08-19 06:00 -------- d-----w- c:\programdata\Lavasoft

2011-08-17 15:51 . 2011-08-18 23:49 -------- d-----w- c:\windows\en

2011-08-15 22:45 . 2011-08-19 14:33 -------- d-----w- c:\users\Jeff\AppData\Local\temp

2011-08-15 22:03 . 2011-08-15 22:03 388096 ----a-r- c:\users\Jeff\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-15 22:03 . 2011-08-15 22:03 -------- d-----w- c:\program files\Trend Micro

2011-08-15 18:29 . 2011-08-15 18:33 -------- d-----w- c:\users\Jeff\AppData\Roaming\WinPatrol

2011-08-15 18:29 . 2011-08-15 18:29 -------- d-----w- c:\program files\BillP Studios

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-17 18:16 . 2011-03-28 22:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-07-06 23:52 . 2011-04-23 01:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2011-04-23 01:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 23:20 . 2011-01-06 21:36 82400 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-07-06 23:20 . 2010-12-29 05:42 285256 ----a-w- c:\windows\system32\guard32.dll

2011-07-06 23:20 . 2011-01-06 21:36 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-07-06 23:20 . 2011-01-06 21:36 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-07-06 23:20 . 2011-01-06 21:36 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-06-24 19:31 . 2011-06-24 19:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-11 02:29 . 2011-07-13 13:47 2334208 ----a-w- c:\windows\system32\win32k.sys

2011-06-04 21:37 . 2011-06-04 21:37 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-06-04 21:37 . 2011-06-04 21:37 1060864 ----a-w- c:\windows\system32\mfc71.dll

2011-05-24 10:44 . 2011-06-29 14:08 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-08-18 02:28 . 2011-04-23 02:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 1839104]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-07-06 2554696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\guard32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys [x]

R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 5230088]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-09-15 4189272]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-23 1343400]

R3 XDva386;XDva386;c:\windows\system32\XDva386.sys [x]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-07-06 19088]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-07-06 238960]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-07-06 37592]

S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 5281672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 5230088]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

.

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\ann0c5cg.default\

FF - prefs.js: network.proxy.type - 0

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(524)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'Explorer.exe'(3300)

c:\windows\system32\guard32.dll

.

Completion time: 2011-08-19 10:36:07

ComboFix-quarantined-files.txt 2011-08-19 14:36

.

Pre-Run: 62,236,418,048 bytes free

Post-Run: 62,159,147,008 bytes free

.

- - End Of File - - 2FD691ED9C07FEB1884D24B659F27DE1


We can see if an online scan finds anything.

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.