GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-26 20:59:41
Windows 5.1.2600 Dodatek Service Pack 2
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3120026A rev.3.06
Running: 7ronqepo.exe; Driver: D:\DOCUME~1\EMILA~1.B-0\USTAWI~1\Temp\agloifoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB8C74FC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB8CD9510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB8C986A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB8C77456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB8C774AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB8C775C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB8C9805D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB8C773AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB8C774FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB8C77400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB8C77572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB8C74FE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB8C98D6F]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB8C99025]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB8C77848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB8C98BDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB8C98A45]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB8CD95C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB8C74DB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB8C7500C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB8C779BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB8C75AA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB8C77486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB8C774D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB8C775EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB8C983B9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB8C773D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB8C77680]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB8C7753E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB8C7742E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB8C77764]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB8C7759C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB8CD9658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB8C988C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB8C7596A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB8C98712]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB8CE19E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB8C976D0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB8C75030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB8C75054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB8C74E0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB8C74F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB8C98E76]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB8C74F24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB8C74F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB8C75078]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB8CED7A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 140 804E27AC 4 Bytes [E8, 4F, C7, B8]
PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP B8CEC15C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80569FBB 4 Bytes CALL B8C7600F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 805820F6 7 Bytes JMP B8CED7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A29A4 5 Bytes JMP B8CEA69C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngPaint + 4EF BF8255ED 5 Bytes JMP B8C77B9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + EE3F BF841181 5 Bytes JMP B8C77C0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + DE42 BF85AD4E 5 Bytes JMP B8C77AD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3474 BF87111B 5 Bytes JMP B8C77DE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 34FF BF8711A6 5 Bytes JMP B8C77FBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF894CB8 5 Bytes JMP B8C77F76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 34B7 BF8BA260 5 Bytes JMP B8C77ABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C333C 5 Bytes JMP B8C77CA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8EB97D 5 Bytes JMP B8C77D14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8EBBFD 5 Bytes JMP B8C77D4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F9A43 5 Bytes JMP B8C779F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19C1 BF913245 5 Bytes JMP B8C77B56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2595 BF913E19 5 Bytes JMP B8C77C6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EF4 BF916778 5 Bytes JMP B8C780D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast!
Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text D:\WINDOWS\system32\svchost.exe[440] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[440] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[440] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[440] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[440] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[440] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[440] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[440] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[440] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[440] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] 
ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003CCE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003D5680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 003CCF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003D26F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003D3280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 003D1220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 003D1B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 003DDF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 003DE410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] 
ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 003DE1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\smss.exe[576] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0074CB10 D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\system32\csrss.exe[636] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\WINDOWS\system32\csrss.exe[636] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\system32\services.exe[704] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[704] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10028AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[704] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 10028860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[704] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[704] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\WINDOWS\system32\services.exe[704] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[704] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[704] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[704] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[716] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[716] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[716] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\WINDOWS\system32\lsass.exe[716] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[716] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[716] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[716] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST Software\Avast\avastUI.exe[720] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST Software\Avast\avastUI.exe[720] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST Software\Avast\avastUI.exe[720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\Program Files\AVAST Software\Avast\avastUI.exe[720] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST Software\Avast\avastUI.exe[720] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST 
Software\Avast\avastUI.exe[720] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST Software\Avast\avastUI.exe[720] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\Program Files\AVAST Software\Avast\avastUI.exe[720] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST Software\Avast\avastUI.exe[720] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST Software\Avast\avastUI.exe[720] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST Software\Avast\avastUI.exe[720] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST Software\Avast\avastUI.exe[720] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[864] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[864] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[864] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[864] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[864] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[864] 
kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[864] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[864] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[864] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[864] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[896] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[896] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\WINDOWS\system32\ctfmon.exe[896] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[896] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[896] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
D:\WINDOWS\system32\ctfmon.exe[896] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\system32\ctfmon.exe[896] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[896] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[896] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[896] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[896] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[908] 
ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
D:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1048] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1048] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1048] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1072] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1072] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1072] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1072] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1072] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1072] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1072] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1072] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1072] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1072] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1124] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1124] 
ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1124] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1200] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1200] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
D:\WINDOWS\system32\svchost.exe[1200] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1308] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1308] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1308] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1352] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 03DFCE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1352] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 03E05680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1352] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1352] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 03DFCF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1352] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 03E026F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1352] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 03E03280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1352] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1352] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 03E0DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1352] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 03E01220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1352] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 03E01B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1352] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 03E0E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 
3\program\soffice.bin[1352] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 03E0E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1368] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1368] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1368] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1620] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1620] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1620] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\WINDOWS\Explorer.EXE[1620] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1620] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1620] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1620] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\Explorer.EXE[1620] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1620] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1620] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1620] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1620] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1956] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1956] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
D:\WINDOWS\system32\spoolsv.exe[1956] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\WINDOWS\system32\spoolsv.exe[1956] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1956] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1956] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1956] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\system32\spoolsv.exe[1956] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1956] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1956] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1956] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1956] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2520] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2520] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2520] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\WINDOWS\System32\alg.exe[2520] 
ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2520] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2520] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2520] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\WINDOWS\System32\alg.exe[2520] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2520] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2520] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2520] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2520] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 D:\WINDOWS\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 100277A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 
D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 D:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 D:\WINDOWS\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\Program Files\Opera\Opera.exe[2896] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program 
Files\Opera\Opera.exe[2896] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] WS2_32.dll!WSASocketW 71A539CB 7 Bytes JMP 10027970 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Opera\Opera.exe[2896] WS2_32.dll!WSASocketA 71A58769 5 Bytes JMP 10027990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\OTL.exe[3096] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\OTL.exe[3096] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\OTL.exe[3096] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\OTL.exe[3096] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\OTL.exe[3096] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\OTL.exe[3096] kernel32.dll!CreateProcessA 7C802367 5 
Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\OTL.exe[3096] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\OTL.exe[3096] user32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\OTL.exe[3096] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\OTL.exe[3096] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\7ronqepo.exe[3888] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\7ronqepo.exe[3888] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\7ronqepo.exe[3888] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\7ronqepo.exe[3888] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\7ronqepo.exe[3888] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\7ronqepo.exe[3888] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and 
Settings\Emila.B-02D438CD598A4\Pulpit\7ronqepo.exe[3888] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\7ronqepo.exe[3888] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10021220 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\7ronqepo.exe[3888] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10021B50 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\7ronqepo.exe[3888] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002DF90 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\7ronqepo.exe[3888] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E410 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\7ronqepo.exe[3888] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E1D0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7406750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7406820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F74067F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F74067B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F74067B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7406820] 
inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7406750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F74067F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F74067F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F74067B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7406820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7406750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F74067B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7406750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7406820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F74067F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7406750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7406820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F74067B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT 
\SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F74067F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F74067B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7406820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7406750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F74067B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F74067F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7406750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7406820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [0063BA80] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [0063B8B0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0063BA80] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ 
D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [0063B9F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0063AFD0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0063B970] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [0063AFD0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [0063B9F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0063BA80] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet 
Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0063BA80] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0063AFD0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0063BA80] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0063BA80] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] 
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0063AFD0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [0063B9F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0063AFD0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0063BA80] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [0063A730] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [0063B9F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0063B930] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet 
Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0063B970] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0063AFD0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0063BA80] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [0063AB30] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [0063ABC0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [0063A6D0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [0063B060] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe 
(COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [0063B120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW] [0063B360] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [0063A9F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [0063AA90] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [0063B1E0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteObject] [0063A730] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [0063B9F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll 
[KERNEL32.dll!LoadLibraryW] [0063B8F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0063BA80] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [0063AFD0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0063B970] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0063B930] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [0063B4A0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [0063AB30] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [0063B1E0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [0063A6D0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program 
Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [0063ABC0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW] [0063B120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [0063A780] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!FillRect] [0063B5E0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [0063B6B0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge] [0063B660] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [0063B360] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0063A980] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [0063A9F0] D:\Program Files\COMODO\COMODO 
Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0063A870] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [0063A730] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0063BA80] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0063AFD0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0063B970] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0063B930] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ole32.dll 
[USER32.dll!SystemParametersInfoW] [0063B360] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!GetSystemMetrics] [0063B1E0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [0063A6D0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [0063A9F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [0063B120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [0063ABC0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0063BA80] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program 
Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [0063AFD0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0063B8B0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0063BA80] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0063B930] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateThread] [0063AFD0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0063BA80] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\USERENV.dll [USER32.dll!GetSystemMetrics] [0063B1E0] D:\Program Files\COMODO\COMODO 
Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0063BA80] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0063B930] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0063B970] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [0063AFD0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [0063B9F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[624] @ D:\WINDOWS\system32\CRYPT32.dll [USER32.dll!GetSystemMetrics] [0063B1E0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\WINDOWS\system32\services.exe[704] @ D:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT D:\WINDOWS\system32\services.exe[704] @ D:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----