GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-03-05 18:01:31 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5 ST1000DM003-9YN162 rev.CC4B Running: kmgfq829.exe; Driver: C:\Users\Adam\AppData\Local\Temp\awlcqaow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x89F48F80] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x89F4916C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x89F482E0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x89F48BE6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x89F4899A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x89F49CE4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x89F47CCC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x89F4939A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x89F49716] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x89F485A8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x89F48DC2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x89F48842] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x89F49A02] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x89F48512] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x89F4872E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x89F480E2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x89F47ED0] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwSaveKey + 13CD 82C4C9A9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C6C4E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 139F 82C7375C 4 Bytes [80, 8F, F4, 89] .text ntoskrnl.exe!KeRemoveQueueEx + 13C7 82C73784 4 Bytes [6C, 91, F4, 89] .text ntoskrnl.exe!KeRemoveQueueEx + 145B 82C73818 4 Bytes JMP F482E082 .text ntoskrnl.exe!KeRemoveQueueEx + 1477 82C73834 4 Bytes [E6, 8B, F4, 89] .text ntoskrnl.exe!KeRemoveQueueEx + 14BF 82C7387C 4 Bytes [9A, 89, F4, 89] .text ... .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x89753089] .text USBPORT.SYS!DllUnload 91FB0DB9 5 Bytes JMP 85C3F410 ? C:\Windows\System32\Drivers\axyfxbxj.SYS suspicious PE modification .text advapi32.dll!CreateProcessAsUserA 77002538 5 Bytes [E9, 53, 1E, 02, 99] {JMP 0xffffffff99021e58} .text kernel32.dll!CreateProcessW 76EC204D 5 Bytes [E9, DE, 2E, 16, 99] {JMP 0xffffffff99162ee3} .text kernel32.dll!CreateProcessA 76EC2082 5 Bytes [E9, 39, 3A, 16, 99] {JMP 0xffffffff99163a3e} .text kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes [E9, AC, E0, 12, 99] {JMP 0xffffffff9912e0b1} .text gdi32.dll!DeleteDC 75D16EAA 5 Bytes [E9, 11, 1D, 31, 9A] {JMP 0xffffffff9a311d16} .text gdi32.dll!GetPixel 75D1C3D5 5 Bytes [E9, B6, C5, 30, 9A] {JMP 0xffffffff9a30c5bb} .text gdi32.dll!CreateDCA 75D1CCA9 5 Bytes [E9, 12, D0, 30, 9A] {JMP 0xffffffff9a30d017} .text gdi32.dll!CreateDCW 75D1CF79 5 Bytes [E9, 42, CC, 30, 9A] {JMP 0xffffffff9a30cc47} ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\csrss.exe[424] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 75681BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[424] ntdll.dll!NtReplyWaitReceivePort 774E6418 5 Bytes JMP 75681450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[424] ntdll.dll!NtReplyWaitReceivePortEx 774E6428 5 Bytes JMP 756817F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[488] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 75681BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[488] ntdll.dll!NtReplyWaitReceivePort 774E6418 5 Bytes JMP 75681450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[488] ntdll.dll!NtReplyWaitReceivePortEx 774E6428 5 Bytes JMP 756817F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!RegisterRawInputDevices 77605B52 5 Bytes JMP 10018E60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SystemParametersInfoA 776080E0 7 Bytes JMP 1001C5F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SetParent 77608314 5 Bytes JMP 100188E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!EnableWindow 77608D02 5 Bytes JMP 10017E00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!MoveWindow 77608D29 5 Bytes JMP 10018B80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!GetAsyncKeyState 7760A256 5 Bytes JMP 10019080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!RegisterHotKey 7760AA19 5 Bytes JMP 100180A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!PostThreadMessageA 7760AD09 5 Bytes JMP 1001B8E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SendMessageA 7760AD60 5 Bytes JMP 1001B3A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!PostMessageA 7760B446 5 Bytes JMP 1001BE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SendNotifyMessageW 7760C88A 5 Bytes JMP 1001A0C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SystemParametersInfoW 7760E09A 7 Bytes JMP 1001C3D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SetWindowsHookExW 7760E30C 1 Byte [E9] .text C:\Windows\system32\wininit.exe[500] USER32.dll!SetWindowsHookExW 7760E30C 5 Bytes JMP 1001C810 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SendMessageTimeoutW 7760E459 5 Bytes JMP 1001AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!PostThreadMessageW 7760EEFC 5 Bytes JMP 1001B640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SetWinEventHook 776124DC 5 Bytes JMP 1001C0C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!GetKeyState 77612B4D 5 Bytes JMP 10019330 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SendMessageCallbackW 77612F7B 5 Bytes JMP 1001A600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!PostMessageW 7761447B 5 Bytes JMP 1001BB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SendMessageW 77615539 5 Bytes JMP 1001B100 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!GetClipboardData 77622BA7 5 Bytes JMP 100182D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SendNotifyMessageA 7762493C 5 Bytes JMP 1001A360 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!mouse_event 77626209 5 Bytes JMP 10029670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SetClipboardViewer 77626FF6 5 Bytes JMP 100186E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SendDlgItemMessageW 776270D8 5 Bytes JMP 10019B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SendDlgItemMessageA 77627241 5 Bytes JMP 10019E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!GetKeyboardState 77636946 5 Bytes JMP 100195E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!BlockInput 77636A99 5 Bytes JMP 100184E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SetWindowsHookExA 77636D0C 5 Bytes JMP 1001CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SendMessageTimeoutA 77636DA9 5 Bytes JMP 1001AE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SendInput 77637019 5 Bytes JMP 10019890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!ExitWindowsEx 776506C7 5 Bytes JMP 10017BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!keybd_event 7765EC3B 5 Bytes JMP 10029880 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] USER32.dll!SendMessageCallbackA 77663E8B 5 Bytes JMP 1001A8C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] GDI32.dll!BitBlt 75D172C0 5 Bytes JMP 100293E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] GDI32.dll!MaskBlt 75D1C7AD 5 Bytes JMP 10029130 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] GDI32.dll!StretchBlt 75D1F467 5 Bytes JMP 10028C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] GDI32.dll!PlgBlt 75D30F73 5 Bytes JMP 10028EA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[500] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[596] services.exe 009E1608 4 Bytes [80, E1, 01, 10] .text C:\Windows\system32\services.exe[596] services.exe 009E1618 4 Bytes [60, DC, 01, 10] .text C:\Windows\system32\services.exe[596] services.exe 009E1638 4 Bytes [A0, E4, 01, 10] .text C:\Windows\system32\services.exe[596] services.exe 009E1648 4 Bytes [E0, DE, 01, 10] {LOOPNZ 0xffffffffffffffe0; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[596] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[596] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[596] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[596] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[596] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[596] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[596] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[596] RPCRT4.dll!RpcServerRegisterIfEx 75E109BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[596] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[596] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[596] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[596] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[596] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[604] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[604] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[604] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[604] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[604] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[604] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[604] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[604] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[604] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[604] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[604] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[604] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[612] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[612] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[612] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[612] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[612] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[612] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[612] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[612] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[612] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[612] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[612] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[612] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[728] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[728] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[728] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[728] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[728] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[728] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[728] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[728] RPCRT4.dll!RpcServerRegisterIfEx 75E109BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[728] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[728] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[728] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[728] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[728] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[804] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[804] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[804] RPCRT4.dll!RpcServerRegisterIfEx 75E109BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[804] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[804] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[804] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[804] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[804] rpcss.dll!CoGetComCatalog 74BB35EC 8 Bytes JMP ED501001 .text D:\COMODO\COMODO Internet Security\cmdagent.exe[884] ntdll.dll!NtAllocateVirtualMemory 774E52D8 5 Bytes JMP 00530250 D:\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text D:\COMODO\COMODO Internet Security\cmdagent.exe[884] ntdll.dll!NtCreateFile 774E55C8 5 Bytes JMP 00549CD0 D:\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[932] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[932] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[932] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[932] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[932] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[932] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[932] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[932] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[976] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[976] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[976] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[976] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[976] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[976] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[976] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[976] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[976] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[976] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[976] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1012] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1012] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1012] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1012] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1012] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1012] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1012] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1012] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1012] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1036] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1036] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1036] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1036] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1036] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1036] RPCRT4.dll!RpcServerRegisterIfEx 75E109BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1036] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1036] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1036] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1036] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1036] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1180] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1180] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1180] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1180] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1180] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1180] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1180] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1320] RPCRT4.dll!RpcServerRegisterIfEx 75E109BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1320] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1320] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1320] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1320] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1496] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1496] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1496] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1496] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1496] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1496] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1548] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1548] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1548] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1548] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1548] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1548] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1548] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1548] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1548] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1548] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1548] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1548] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1664] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1664] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1664] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1664] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1664] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1664] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1664] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1664] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1664] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1664] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1664] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1664] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1704] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1704] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1704] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1704] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1704] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1704] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1704] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1704] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1704] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1704] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1704] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1704] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\GMER\kmgfq829.exe[1716] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\GMER\kmgfq829.exe[1716] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\GMER\kmgfq829.exe[1716] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\GMER\kmgfq829.exe[1716] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\GMER\kmgfq829.exe[1716] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\GMER\kmgfq829.exe[1716] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\GMER\kmgfq829.exe[1716] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\GMER\kmgfq829.exe[1716] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\GMER\kmgfq829.exe[1716] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\GMER\kmgfq829.exe[1716] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\GMER\kmgfq829.exe[1716] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\GMER\kmgfq829.exe[1716] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\COMODO\COMODO Internet Security\cfp.exe[1936] ntdll.dll!NtAllocateVirtualMemory 774E52D8 5 Bytes JMP 007752B0 D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1944] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1944] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1944] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1944] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1944] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1944] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1944] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1944] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1944] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1944] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1944] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1944] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3996] ntdll.dll!NtAlpcSendWaitReceivePort 774E5418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3996] ntdll.dll!NtClose 774E54C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3996] ntdll.dll!LdrUnloadDll 774FC86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3996] ntdll.dll!LdrLoadDll 7750223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3996] kernel32.dll!CreateProcessW 76EC204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3996] kernel32.dll!CreateProcessA 76EC2082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3996] kernel32.dll!CreateProcessAsUserW 76EF59AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3996] GDI32.dll!DeleteDC 75D16EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3996] GDI32.dll!GetPixel 75D1C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3996] GDI32.dll!CreateDCA 75D1CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3996] GDI32.dll!CreateDCW 75D1CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3996] ADVAPI32.dll!CreateProcessAsUserA 77002538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [89640730] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [89640F12] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [89641232] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [896410F0] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [89640914] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!KeInsertQueueDpc] 84C7E5E8 IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!KeInsertQueueDpc] 85C3F830 ---- User IAT/EAT - GMER 1.0.15 ---- IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [006573C0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00656AA0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [006574C0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00657380] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00657440] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00657550] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00657400] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [00656200] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [00656B30] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [00656BF0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [006561A0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [00656690] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [00656600] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [00656CB0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [00656250] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [00657180] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawEdge] [00657130] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [00656450] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [00656E30] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [00656F70] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [00656340] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [006564C0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollPos] [006562B0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [006561A0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [USER32.dll!RegisterClassW] [00656BF0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [006570B0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [00656690] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [00656CB0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!DeleteObject] [00656200] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00657380] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [006573C0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00657440] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00657550] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00657380] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [006573C0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [00657400] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\ole32.dll [GDI32.dll!DeleteObject] [00656200] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [006564C0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [006561A0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSystemMetrics] [00656CB0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [00656E30] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\ole32.dll [USER32.dll!RegisterClassW] [00656BF0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [00656690] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [006573C0] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00657380] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00657440] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00657400] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00657380] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00657550] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] [00657400] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\COMODO\COMODO Internet Security\cfp.exe[1936] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00657550] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 859111E8 Device \Driver\usbuhci \Device\USBPDO-0 85DAF1E8 Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\usbuhci \Device\USBPDO-1 85DAF1E8 Device \Driver\usbehci \Device\USBPDO-2 85D8E430 Device \Driver\usbuhci \Device\USBPDO-3 85DAF1E8 Device \Driver\usbuhci \Device\USBPDO-4 85DAF1E8 AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\usbuhci \Device\USBPDO-5 85DAF1E8 Device \Driver\usbuhci \Device\USBPDO-6 85DAF1E8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\usbehci \Device\USBPDO-7 85D8E430 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 85B691E8 Device \Driver\atapi \Device\Ide\IdePort0 8590F1E8 Device \Driver\atapi \Device\Ide\IdePort1 8590F1E8 Device \Driver\atapi \Device\Ide\IdePort2 8590F1E8 Device \Driver\atapi \Device\Ide\IdePort3 8590F1E8 Device \Driver\atapi \Device\Ide\IdePort4 8590F1E8 Device \Driver\atapi \Device\Ide\IdePort5 8590F1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8590F1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-5 8590F1E8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom1 85B691E8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBt_Wins_Export 85C441E8 Device \Driver\PCI_PNP5091 \Device\0000004b sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\usbuhci \Device\USBFDO-0 85DAF1E8 Device \Driver\usbuhci \Device\USBFDO-1 85DAF1E8 Device \Driver\usbehci \Device\USBFDO-2 85D8E430 Device \Driver\usbuhci \Device\USBFDO-3 85DAF1E8 Device \Driver\usbuhci \Device\USBFDO-4 85DAF1E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{D54DD4C1-19B8-42F5-BAD5-6AA82F75B5A2} 85C441E8 Device \Driver\usbuhci \Device\USBFDO-5 85DAF1E8 Device \Driver\usbuhci \Device\USBFDO-6 85DAF1E8 Device \Driver\usbehci \Device\USBFDO-7 85D8E430 Device \Driver\axyfxbxj \Device\Scsi\axyfxbxj1Port6Path0Target0Lun0 85ED61E8 Device \Driver\axyfxbxj \Device\Scsi\axyfxbxj1 85ED61E8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DaemonTools\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0x68 0x28 0x5E ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAE 0xA1 0xA3 0xFE ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDA 0x45 0xD6 0x22 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x3F 0x36 0x49 0xAB ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DaemonTools\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0x68 0x28 0x5E ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAE 0xA1 0xA3 0xFE ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDA 0x45 0xD6 0x22 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x3F 0x36 0x49 0xAB ... ---- EOF - GMER 1.0.15 ----