GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-30 13:12:24
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5001AALS-00LWTA0 rev.15.01H15
Running: hixfqhlj.exe; Driver: C:\DOCUME~1\www\USTAWI~1\Temp\pxtdapob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwAddBootEntry [0xB336F36B]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB34C87E6]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwAllocateVirtualMemory [0xB3371301]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwClose [0xB334A4B7]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB34C7D92]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateEvent [0xB3371949]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateEventPair [0xB3371BDD]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateFile [0xB33408DB]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateKey [0xB334E25F]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateMutant [0xB3371E67]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateProcess [0xB3352F3C]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateProcessEx [0xB3353114]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateSection [0xB334AEE7]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateSemaphore [0xB33720F7]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateSymbolicLinkObject [0xB336F690]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateThread [0xB335FECE]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwDebugActiveProcess [0xB3370223]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwDeleteBootEntry [0xB336F3EC]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwDeleteFile [0xB334A8B0]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwDeleteKey [0xB334EF05]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwDeleteValueKey [0xB334F128]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwDeviceIoControlFile [0xB336E8B3]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwDuplicateObject [0xB33553E4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB34C97F8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB34C9A4E]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwFreeVirtualMemory [0xB33715A3]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwFsControlFile [0xB3356DB3]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwInitiatePowerAction [0xB3372567]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwLoadDriver [0xB3372607]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwLoadKey [0xB334F8F1]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwLoadKey2 [0xB334FBD6]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwLockFile [0xB3372AB0]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwMakeTemporaryObject [0xB336F8D9]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwMapViewOfSection [0xB3353F06]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwModifyBootEntry [0xB336F469]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenEvent [0xB3371A98]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenEventPair [0xB3371D22]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenFile [0xB334436D]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenKey [0xB334D2E3]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenMutant [0xB3371FB2]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenProcess [0xB3351C4C]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenSection [0xB334B8EF]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenSemaphore [0xB3372244]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenThread [0xB3351F88]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwProtectVirtualMemory [0xB33708F3]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwQueryInformationThread [0xB337338E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB34C9C5C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB34CA0B0]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwQuerySystemInformation [0xB33731D0]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwQueryValueKey [0xB335111E]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwQueueApcThread [0xB337055B]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwRaiseHardError [0xB33724B9]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwReadFile [0xB334989B]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwReadFileScatter [0xB334A010]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwReadRequestData [0xB3359CDE]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwReadVirtualMemory [0xB3370D20]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwRenameKey [0xB3350029]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwReplaceKey [0xB334FECF]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwReplyWaitReceivePort [0xB335D7EE]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwReplyWaitReceivePortEx [0xB335DC44]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwRestoreKey [0xB334F57C]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwResumeThread [0xB3360B99]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSaveKey [0xB334F75A]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSaveKeyEx [0xB3350797]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSaveMergedKeys [0xB3350902]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetBootEntryOrder [0xB336F4E6]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetBootOptions [0xB336F567]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetContextThread [0xB337039D]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetInformationFile [0xB334C138]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetInformationObject [0xB3372697]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetInformationProcess [0xB336FD0F]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetSecurityObject [0xB336FAD6]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetSystemInformation [0xB3359755]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetSystemPowerState [0xB3372389]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetSystemTime [0xB337181F]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetValueKey [0xB334E89E]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwShutdownSystem [0xB3372425]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSuspendProcess [0xB3372EAB]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSuspendThread [0xB3372D74]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSystemDebugControl [0xB336F5E8]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwTerminateProcess [0xB3353B18]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwTerminateThread [0xB335386C]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwUnloadKey [0xB3350A6D]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwUnloadKeyEx [0xB3350AEF]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwUnmapViewOfSection [0xB3354EC2]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwVdmControl [0xB3372863]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwWriteFile [0xB3346A18]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwWriteFileGather [0xB33459E8]
SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwWriteVirtualMemory [0xB3370F12]

INT 0x62 ? 8A3D9BF8
INT 0x63 ? 8A115BF8
INT 0x63 ? 8A115BF8
INT 0x63 ? 8A115BF8
INT 0x63 ? 8A115BF8
INT 0x63 ? 8A115BF8
INT 0x63 ? 8A115BF8
INT 0x82 ? 8A3D9BF8
INT 0x83 ? 8A3D9BF8
INT 0x83 ? 8A3D9BF8
INT 0x83 ? 8A3D9BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C50 805044EC 12 Bytes [49, 19, 37, B3, DD, 1B, 37, ...] {DEC ECX; SBB [EDI], ESI; MOV BL, 0xdd; SBB ESI, [EDI]; MOV BL, 0xdb; OR [EBX+ESI*4], DH}
.text ntkrnlpa.exe!ZwCallbackReturn + 2C8C 80504528 16 Bytes [E7, AE, 34, B3, F7, 20, 37, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CB8 80504554 12 Bytes [EC, F3, 36, B3, B0, A8, 34, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 16 Bytes [07, 26, 37, B3, F1, F8, 34, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D75 80504611 7 Bytes [3F, 35, B3, 69, F4, 36, B3]
.text ...
? sphw.sys Nie można odnaleźć określonego pliku. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5C8D3A0, 0x8A1A15, 0xE8000020]
.text USBPORT.SYS!DllUnload B5C378AC 5 Bytes JMP 8A1151D8
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB2080300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8378300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[256] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[256] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\spoolsv.exe[256] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[256] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[256] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[256] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[256] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[256] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[256] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[256] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[256] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[256] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[368] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[368] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\nvsvc32.exe[368] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[368] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[368] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[368] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[368] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[368] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[368] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[368] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\csrss.exe[788] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\csrss.exe[788] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[876] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[876] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\services.exe[876] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[876] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[876] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[876] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[876] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[876] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[876] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[876] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[876] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[876] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[876] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[888] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[888] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\lsass.exe[888] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[888] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[888] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[888] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[888] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[888] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[888] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[888] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[888] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Update\NASvc.exe[1004] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Update\NASvc.exe[1004] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Nero\Update\NASvc.exe[1004] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Update\NASvc.exe[1004] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Update\NASvc.exe[1004] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Update\NASvc.exe[1004] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Update\NASvc.exe[1004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Update\NASvc.exe[1004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Update\NASvc.exe[1004] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Update\NASvc.exe[1004] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Update\NASvc.exe[1004] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Update\NASvc.exe[1004] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Update\NASvc.exe[1004] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Update\NASvc.exe[1004] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PuranDefragS.exe[1200] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PuranDefragS.exe[1200] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\PuranDefragS.exe[1200] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PuranDefragS.exe[1200] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PuranDefragS.exe[1200] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PuranDefragS.exe[1200] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PuranDefragS.exe[1200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PuranDefragS.exe[1200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PuranDefragS.exe[1200] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PuranDefragS.exe[1200] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PuranDefragS.exe[1200] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PuranDefragS.exe[1200] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PuranDefragS.exe[1200] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PuranDefragS.exe[1200] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1316] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1316] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1316] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1316] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP
1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1316] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1316] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1316] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1316] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1316] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1316] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1316] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1316] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1356] 
ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1356] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1356] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1356] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1356] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 
10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1384] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1384] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1384] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1384] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1384] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1384] rpcss.dll!WhichService 76A64234 8 Bytes JMP ED501001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1416] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00530250 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1416] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00549CD0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1452] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1452] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1452] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1452] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1452] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1532] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1532] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1532] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1532] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[1612] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[1612] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[1612] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[1612] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[1612] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[1612] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[1612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[1612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[1612] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[1612] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[1612] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[1612] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[1612] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[1612] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program 
Files\Brother\Brmfcmon\BrMfimon.exe[1788] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\spd.exe[1800] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\spd.exe[1800] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\cFosSpeed\spd.exe[1800] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\spd.exe[1800] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\spd.exe[1800] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\spd.exe[1800] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\spd.exe[1800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\spd.exe[1800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\spd.exe[1800] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\spd.exe[1800] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Program Files\cFosSpeed\spd.exe[1800] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\spd.exe[1800] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\spd.exe[1800] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\spd.exe[1800] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1876] 
ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1876] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1876] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1876] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1876] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1876] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\defensewall_serv.exe[1908] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\defensewall_serv.exe[1908] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\defensewall_serv.exe[1908] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\defensewall_serv.exe[1908] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\defensewall_serv.exe[1908] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\defensewall_serv.exe[1908] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\defensewall_serv.exe[1908] 
kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\defensewall_serv.exe[1908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\defensewall_serv.exe[1908] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\defensewall_serv.exe[1908] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\defensewall_serv.exe[1908] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\defensewall_serv.exe[1908] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\defensewall_serv.exe[1908] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\defensewall_serv.exe[1908] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1960] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1960] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Java\jre6\bin\jqs.exe[1960] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1960] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Program Files\Java\jre6\bin\jqs.exe[1960] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1960] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1960] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1960] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1960] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1960] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1960] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1960] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1960] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text 
C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1984] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1984] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1984] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1984] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 
1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] GDI32.dll!CreateDCW 77F1BE38 5 
Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\OTL.exe[2224] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\OTL.exe[2224] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Documents and Settings\www\Pulpit\OTL.exe[2224] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\OTL.exe[2224] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\OTL.exe[2224] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\OTL.exe[2224] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\OTL.exe[2224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\OTL.exe[2224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\OTL.exe[2224] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\OTL.exe[2224] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\OTL.exe[2224] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\OTL.exe[2224] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\OTL.exe[2224] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\OTL.exe[2224] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2272] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2272] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\SOUNDMAN.EXE[2272] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2272] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2272] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2272] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2272] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2272] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2272] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2272] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2272] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[2272] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Puran Defrag\PuranADT.exe[2312] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Puran Defrag\PuranADT.exe[2312] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Puran Defrag\PuranADT.exe[2312] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Puran Defrag\PuranADT.exe[2312] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Puran Defrag\PuranADT.exe[2312] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Puran 
Defrag\PuranADT.exe[2312] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Puran Defrag\PuranADT.exe[2312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Puran Defrag\PuranADT.exe[2312] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Puran Defrag\PuranADT.exe[2312] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Puran Defrag\PuranADT.exe[2312] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Puran Defrag\PuranADT.exe[2312] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Puran Defrag\PuranADT.exe[2312] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Puran Defrag\PuranADT.exe[2312] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Puran Defrag\PuranADT.exe[2312] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] ntdll.dll!NtReplyWaitReceivePort 
7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 
10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002AE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002AE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002A430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002A3E0 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002AD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002ADE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002A6F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002A480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] 
kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002ACC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002AA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Program Files\Opera\opera.exe[2424] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002ABC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!CopyFileExA 7C85F39C 1 Byte [E9] .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes 
JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002A940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002A960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002A9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 
1002A980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] WS2_32.dll!WSASocketW 71A5404E 2 Bytes JMP 1002A8C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2424] WS2_32.dll!WSASocketW + 3 71A54051 4 Bytes [5D, 9E, CC, CC] {POP EBP; SAHF ; INT 3 ; INT 3 } .text C:\Program Files\Opera\opera.exe[2424] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002A8E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DefenseWall\DefenseWall.exe[2612] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DefenseWall\DefenseWall.exe[2612] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\DefenseWall\DefenseWall.exe[2612] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DefenseWall\DefenseWall.exe[2612] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DefenseWall\DefenseWall.exe[2612] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DefenseWall\DefenseWall.exe[2612] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DefenseWall\DefenseWall.exe[2612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DefenseWall\DefenseWall.exe[2612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DefenseWall\DefenseWall.exe[2612] 
GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DefenseWall\DefenseWall.exe[2612] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DefenseWall\DefenseWall.exe[2612] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DefenseWall\DefenseWall.exe[2612] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DefenseWall\DefenseWall.exe[2612] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DefenseWall\DefenseWall.exe[2612] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2632] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2632] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\System32\alg.exe[2632] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2632] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2632] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2632] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2632] kernel32.dll!CreateProcessW 
7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2632] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2632] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2632] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2632] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2632] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2632] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft 
SQL Server\90\Shared\sqlwriter.exe[2676] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] ntdll.dll!NtClose 7C90CFEE 2 
Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program 
Files\cFosSpeed\cFosSpeed.exe[2760] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2900] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2900] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[2900] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2900] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2900] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2900] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2900] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2900] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2900] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2900] 
GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2900] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2900] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2900] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) 
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDLL32.exe[3176] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDLL32.exe[3176] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\RunDLL32.exe[3176] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDLL32.exe[3176] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDLL32.exe[3176] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDLL32.exe[3176] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDLL32.exe[3176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDLL32.exe[3176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDLL32.exe[3176] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDLL32.exe[3176] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDLL32.exe[3176] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDLL32.exe[3176] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDLL32.exe[3176] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RunDLL32.exe[3176] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] ntdll.dll!NtReplyWaitReceivePortEx 
7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3372] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 007752B0 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\StkASv2K.exe[3384] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\StkASv2K.exe[3384] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\System32\StkASv2K.exe[3384] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\StkASv2K.exe[3384] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\StkASv2K.exe[3384] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\StkASv2K.exe[3384] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\StkASv2K.exe[3384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\StkASv2K.exe[3384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\StkASv2K.exe[3384] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\StkASv2K.exe[3384] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\StkASv2K.exe[3384] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\System32\StkASv2K.exe[3384] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\StkASv2K.exe[3384] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\StkASv2K.exe[3384] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\hixfqhlj.exe[3612] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\hixfqhlj.exe[3612] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Documents and Settings\www\Pulpit\hixfqhlj.exe[3612] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\hixfqhlj.exe[3612] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\hixfqhlj.exe[3612] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\hixfqhlj.exe[3612] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\hixfqhlj.exe[3612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\hixfqhlj.exe[3612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and 
Settings\www\Pulpit\hixfqhlj.exe[3612] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\hixfqhlj.exe[3612] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\hixfqhlj.exe[3612] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\hixfqhlj.exe[3612] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\hixfqhlj.exe[3612] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\www\Pulpit\hixfqhlj.exe[3612] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO 
GeekBuddy\CLPS.exe[3644] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SpeedFan\speedfan.exe[3896] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SpeedFan\speedfan.exe[3896] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\SpeedFan\speedfan.exe[3896] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes 
JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SpeedFan\speedfan.exe[3896] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SpeedFan\speedfan.exe[3896] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SpeedFan\speedfan.exe[3896] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SpeedFan\speedfan.exe[3896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SpeedFan\speedfan.exe[3896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SpeedFan\speedfan.exe[3896] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SpeedFan\speedfan.exe[3896] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SpeedFan\speedfan.exe[3896] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SpeedFan\speedfan.exe[3896] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SpeedFan\speedfan.exe[3896] advapi32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SpeedFan\speedfan.exe[3896] advapi32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] sphw.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] sphw.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] sphw.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] sphw.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] sphw.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\spoolsv.exe[256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003D1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\spoolsv.exe[256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003D1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\spoolsv.exe[256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003D18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\spoolsv.exe[256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003D1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\spoolsv.exe[256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003D1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\nvsvc32.exe[368] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\nvsvc32.exe[368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\nvsvc32.exe[368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003E18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\nvsvc32.exe[368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003E1CD0] 
C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\nvsvc32.exe[368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00601760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [006018C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00601CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00601760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[540] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00601760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Nero\Update\NASvc.exe[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Nero\Update\NASvc.exe[1004] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003E18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Nero\Update\NASvc.exe[1004] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003E1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere 
Technologies) IAT C:\Program Files\Nero\Update\NASvc.exe[1004] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Nero\Update\NASvc.exe[1004] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003E18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003E1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\PuranDefragS.exe[1200] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003B1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\PuranDefragS.exe[1200] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003B18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\PuranDefragS.exe[1200] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003B1CD0] 
C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\PuranDefragS.exe[1200] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003B1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\PuranDefragS.exe[1200] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003B1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00791760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [007918C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00791CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00791760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00791760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003E18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 
[003E1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\CDBurnerXP\NMSAccessU.exe[1684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003E18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003E1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1708] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00931760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [009318C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program 
Files\Brother\Brmfcmon\BrMfimon.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00931CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00931760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[1788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00931760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\cFosSpeed\spd.exe[1800] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\cFosSpeed\spd.exe[1800] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\cFosSpeed\spd.exe[1800] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003E18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\cFosSpeed\spd.exe[1800] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003E1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\cFosSpeed\spd.exe[1800] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Java\jre6\bin\jqs.exe[1960] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [006C1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Java\jre6\bin\jqs.exe[1960] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [006C1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Java\jre6\bin\jqs.exe[1960] @ C:\WINDOWS\system32\SHELL32.dll 
[KERNEL32.dll!GetPrivateProfileStringW] [006C18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Java\jre6\bin\jqs.exe[1960] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [006C1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Java\jre6\bin\jqs.exe[1960] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [006C1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\Explorer.EXE[1984] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00381760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\Explorer.EXE[1984] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00381760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\Explorer.EXE[1984] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00381760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\Explorer.EXE[1984] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003818C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\Explorer.EXE[1984] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00381CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003E18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003E1CD0] C:\WINDOWS\system32\dwall_lnk.dll 
(dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2200] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Puran Defrag\PuranADT.exe[2312] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Puran Defrag\PuranADT.exe[2312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Puran Defrag\PuranADT.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003E18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Puran Defrag\PuranADT.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003E1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Puran Defrag\PuranADT.exe[2312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [005C1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [005C18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] @ C:\WINDOWS\system32\SHELL32.dll 
[KERNEL32.dll!LoadLibraryW] [005C1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [005C1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2412] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [005C1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\DefenseWall\DefenseWall.exe[2612] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003F1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\DefenseWall\DefenseWall.exe[2612] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003F1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\DefenseWall\DefenseWall.exe[2612] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003F18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\DefenseWall\DefenseWall.exe[2612] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003F1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\DefenseWall\DefenseWall.exe[2612] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003F1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [005D1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [005D1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Microsoft SQL 
Server\90\Shared\sqlwriter.exe[2676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [005D18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [005D1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [005D1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003E18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\cFosSpeed\cFosSpeed.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003E1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) 
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003E18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003E1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2920] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00401870] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [004017B0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00401840] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [004017B0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00401870] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [004017E0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00401840] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\USER32.dll 
[KERNEL32.dll!LoadLibraryA] [004017B0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00401870] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [004017E0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00401840] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [004017E0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [004017B0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00401870] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [004017B0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [004017E0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00401870] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT 
C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [004017B0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [004017E0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00401870] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00401870] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [004017B0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [004017E0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00401840] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00401810] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [004017B0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003E18C0] 
C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003E1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00401870] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00401840] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00401810] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00401810] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00401840] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [004017E0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [004017B0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00401870] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ 
C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [004017E0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00401810] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00401870] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\WINDOWS\system32\RunDLL32.exe[3176] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [004017B0] C:\WINDOWS\system32\dwall_com.dll (dwall_com/SoftSphere Technologies) IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00A31760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00A31760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00A31760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [00A318C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00A31CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003F1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program 
Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003F18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003F1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003F1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe[3644] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003F1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\SpeedFan\speedfan.exe[3896] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateFileW] [003D1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\SpeedFan\speedfan.exe[3896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003D1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\SpeedFan\speedfan.exe[3896] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003D18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\SpeedFan\speedfan.exe[3896] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [003D1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\SpeedFan\speedfan.exe[3896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003D1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A3D81F8 AttachedDevice \FileSystem\Ntfs \Ntfs dwall.sys (DefenseWall/SoftSphere Technologies) AttachedDevice \Driver\Tcpip \Device\Ip dwall.sys 
(DefenseWall/SoftSphere Technologies) Device \Driver\usbuhci \Device\USBPDO-0 8A1131F8 Device \Driver\usbuhci \Device\USBPDO-1 8A1131F8 Device \Driver\usbuhci \Device\USBPDO-2 8A1131F8 Device \Driver\usbuhci \Device\USBPDO-3 8A1131F8 Device \Driver\usbehci \Device\USBPDO-4 8A0E31F8 AttachedDevice \Driver\Tcpip \Device\Tcp dwall.sys (DefenseWall/SoftSphere Technologies) Device \Driver\Cdrom \Device\CdRom0 8A12C1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-1b [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBT_Tcpip_{C713EE9E-0001-4C76-9EAC-A985F0EE5980} 8A036500 Device \Driver\usbstor \Device\00000080 8A0821F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 8A036500 AttachedDevice \Driver\Tcpip \Device\Udp dwall.sys (DefenseWall/SoftSphere Technologies) AttachedDevice \Driver\Tcpip \Device\RawIp dwall.sys (DefenseWall/SoftSphere Technologies) Device \Driver\usbuhci \Device\USBFDO-0 8A1131F8 Device \Driver\usbstor \Device\0000007a 
8A0821F8 Device \Driver\usbuhci \Device\USBFDO-1 8A1131F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A005500 Device \Driver\usbuhci \Device\USBFDO-2 8A1131F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A005500 Device \Driver\usbuhci \Device\USBFDO-3 8A1131F8 Device \Driver\usbstor \Device\0000007d 8A0821F8 Device \Driver\usbehci \Device\USBFDO-4 8A0E31F8 Device \Driver\Ftdisk \Device\FtControl 8A36A1F8 Device \Driver\usbstor \Device\0000007e 8A0821F8 Device \Driver\usbstor \Device\0000007f 8A0821F8 Device \FileSystem\Cdfs \Cdfs 8A0A0478 ---- Processes - GMER 1.0.15 ---- Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1984] 0x67080000 ---- Threads - GMER 1.0.15 ---- Thread rundll32.exe [3176:3180] 00080024 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEF 0x22 0x64 0xC1 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEF 0x22 0x64 0xC1 ... ---- EOF - GMER 1.0.15 ----