GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-03-30 20:05:42 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS543216L9A300 rev.FB2OC40C Running: xjpogxbp.exe; Driver: C:\DOCUME~1\my\USTAWI~1\Temp\fwlcifog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAA23F824] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xAA23EDD0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAA23F48A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xAA240062] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xAA241C26] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xAA241FA4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xAA23E7BC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xAA23FA10] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xAA23FC18] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xAA23E5C2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xAA240830] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xAA240A86] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xAA241658] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xAA23F098] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xAA23F666] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xAA240052] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xAA23E1F0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xAA23F332] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xAA23E3F4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xAA240C94] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xAA2410E8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xAA240EA6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xAA2405C8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xAA23FE76] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xAA241944] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xAA240330] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xAA23F002] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xAA23F21E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xAA23EBD2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xAA23E9C0] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[136] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 0094D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[136] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [04, 84] {ADD AL, 0x84} .text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[136] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0095BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[136] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0095B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00957DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[136] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0094D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00954F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00955AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[136] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00958BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[136] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00958990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[136] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00959CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[136] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00959BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[136] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00953A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[136] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00954390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe[256] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 003CD080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe[256] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [AC, 83] .text C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe[256] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 003DBB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe[256] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 003DB860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe[256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe[256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003CD1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe[256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003D4F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe[256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003D5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe[256] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 003D3A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe[256] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 003D4390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe[256] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 003D8BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe[256] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 003D8990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe[256] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003D9CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe[256] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 003D9BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[268] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 009FD080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[268] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [0F, 84] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[268] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00A0BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[268] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00A0B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A07DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009FD1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A04F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A05AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[268] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00A03A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[268] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00A04390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[268] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00A08BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[268] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00A08990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[268] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00A09CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[268] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00A09BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\csrss.exe[448] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\csrss.exe[448] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[520] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[520] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\services.exe[520] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[520] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[520] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[520] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[520] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[520] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[520] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[520] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[520] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[520] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[532] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[532] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\lsass.exe[532] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[532] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[532] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[532] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[532] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[532] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[532] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[532] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[532] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[532] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[532] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[696] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[696] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[696] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[696] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[696] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[696] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[696] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[696] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[696] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[696] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[708] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[708] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[708] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[708] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[708] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[756] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[756] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[756] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[756] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[756] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[756] rpcss.dll!WhichService 76A64234 8 Bytes JMP ED501001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[816] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00533F00 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[816] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0054D9A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[860] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[944] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[944] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[944] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[944] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[944] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[944] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[944] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[944] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[944] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[944] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\OTL.exe[1024] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\OTL.exe[1024] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Documents and Settings\my\Pulpit\OTL.exe[1024] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\OTL.exe[1024] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\OTL.exe[1024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\OTL.exe[1024] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\OTL.exe[1024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\OTL.exe[1024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\OTL.exe[1024] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\OTL.exe[1024] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\OTL.exe[1024] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\OTL.exe[1024] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\OTL.exe[1024] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\OTL.exe[1024] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1028] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1028] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1028] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1028] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1108] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1108] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1108] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1108] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[1204] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[1204] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\wdfmgr.exe[1204] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[1204] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[1204] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[1204] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[1204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[1204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[1204] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[1204] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[1204] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[1204] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[1204] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[1204] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1228] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1228] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1228] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1228] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1356] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1356] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\Explorer.EXE[1356] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1356] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1356] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1356] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1356] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1356] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\GoogleCrashHandler.exe[1528] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\GoogleCrashHandler.exe[1528] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Documents and Settings\my\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\GoogleCrashHandler.exe[1528] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\GoogleCrashHandler.exe[1528] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\GoogleCrashHandler.exe[1528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\GoogleCrashHandler.exe[1528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\GoogleCrashHandler.exe[1528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\GoogleCrashHandler.exe[1528] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\GoogleCrashHandler.exe[1528] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\GoogleCrashHandler.exe[1528] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\GoogleCrashHandler.exe[1528] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\GoogleCrashHandler.exe[1528] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\GoogleCrashHandler.exe[1528] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\GoogleCrashHandler.exe[1528] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[1640] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[1640] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[1640] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[1640] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[1640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[1640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[1640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[1640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[1640] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[1640] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[1640] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[1640] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[1640] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[1640] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1652] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1652] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\RTHDCPL.EXE[1652] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1652] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1652] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1652] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1652] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1652] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1652] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1652] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1660] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1660] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1660] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1660] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1660] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1660] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1660] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1660] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1660] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1660] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1668] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 0092D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1668] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [02, 84] .text C:\WINDOWS\system32\igfxtray.exe[1668] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0093BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1668] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0093B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1668] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00937DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1668] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0092D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00934F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1668] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00935AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1668] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00938BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1668] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00938990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1668] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00939CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1668] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00939BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1668] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00933A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1668] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00934390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\hkcmd.exe[1676] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 0092D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\hkcmd.exe[1676] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [02, 84] .text C:\WINDOWS\system32\hkcmd.exe[1676] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0093BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\hkcmd.exe[1676] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0093B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\hkcmd.exe[1676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00937DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\hkcmd.exe[1676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0092D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\hkcmd.exe[1676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00934F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\hkcmd.exe[1676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00935AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\hkcmd.exe[1676] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00938BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\hkcmd.exe[1676] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00938990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\hkcmd.exe[1676] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00939CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\hkcmd.exe[1676] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00939BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\hkcmd.exe[1676] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00933A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\hkcmd.exe[1676] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00934390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxpers.exe[1688] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxpers.exe[1688] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\igfxpers.exe[1688] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxpers.exe[1688] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxpers.exe[1688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxpers.exe[1688] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxpers.exe[1688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxpers.exe[1688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxpers.exe[1688] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxpers.exe[1688] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxpers.exe[1688] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxpers.exe[1688] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxpers.exe[1688] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxpers.exe[1688] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1728] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 00BAD080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1728] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [2A, 84] .text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1728] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00BBBB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1728] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00BBB860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00BB7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00BAD1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB4F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1728] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00BB3A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1728] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00BB4390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1728] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00BB8BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1728] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00BB8990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1728] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00BB9CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1728] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00BB9BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxsrvc.exe[1760] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxsrvc.exe[1760] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\igfxsrvc.exe[1760] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxsrvc.exe[1760] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxsrvc.exe[1760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxsrvc.exe[1760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxsrvc.exe[1760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxsrvc.exe[1760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxsrvc.exe[1760] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxsrvc.exe[1760] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxsrvc.exe[1760] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxsrvc.exe[1760] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxsrvc.exe[1760] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxsrvc.exe[1760] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1880] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0077FC60 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1908] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1908] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\ctfmon.exe[1908] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1908] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1908] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1908] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1908] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1908] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1908] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1908] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1920] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 009AD080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1920] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [0A, 84] .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1920] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 009BBB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1920] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 009BB860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009B7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009AD1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009B4F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009B5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1920] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 009B8BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1920] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 009B8990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1920] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 009B9CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1920] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 009B9BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1920] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 009B3A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1920] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 009B4390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2020] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 0095D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2020] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [05, 84] .text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2020] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0096BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2020] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0096B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00967DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0095D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00964F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00965AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2020] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00968BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2020] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00968990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2020] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00969CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2020] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00969BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2020] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00963A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2020] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00964390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxext.exe[2192] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxext.exe[2192] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\igfxext.exe[2192] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxext.exe[2192] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxext.exe[2192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxext.exe[2192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxext.exe[2192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxext.exe[2192] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxext.exe[2192] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxext.exe[2192] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxext.exe[2192] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxext.exe[2192] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxext.exe[2192] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxext.exe[2192] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2332] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2332] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2332] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2332] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2332] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2332] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Update\GoogleUpdate.exe[3088] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Update\GoogleUpdate.exe[3088] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Google\Update\GoogleUpdate.exe[3088] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Update\GoogleUpdate.exe[3088] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Update\GoogleUpdate.exe[3088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Update\GoogleUpdate.exe[3088] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Update\GoogleUpdate.exe[3088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Update\GoogleUpdate.exe[3088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Update\GoogleUpdate.exe[3088] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Update\GoogleUpdate.exe[3088] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Update\GoogleUpdate.exe[3088] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Update\GoogleUpdate.exe[3088] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Update\GoogleUpdate.exe[3088] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Update\GoogleUpdate.exe[3088] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\xjpogxbp.exe[3256] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\xjpogxbp.exe[3256] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Documents and Settings\my\Pulpit\xjpogxbp.exe[3256] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\xjpogxbp.exe[3256] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\xjpogxbp.exe[3256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\xjpogxbp.exe[3256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\xjpogxbp.exe[3256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\xjpogxbp.exe[3256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\xjpogxbp.exe[3256] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\xjpogxbp.exe[3256] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\xjpogxbp.exe[3256] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\xjpogxbp.exe[3256] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\xjpogxbp.exe[3256] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\my\Pulpit\xjpogxbp.exe[3256] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7348750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7348820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F73487F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F73487B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F73487B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7348820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7348750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F73487F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F73487F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F73487B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7348820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7348750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F73487B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F73487F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7348750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7348820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7348750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7348820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F73487B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F73487B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F73487F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7348750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7348820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----