GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-03-31 11:40:07 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\00000062 WDC_WD1600JS-60NCB1 rev.10.02E02 Running: gmer.exe; Driver: D:\DOCUME~1\Ewelina\USTAWI~1\Temp\pxtdapow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAF514824] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xAF513DD0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAF51448A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xAF515062] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xAF516C26] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xAF516FA4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xAF5137BC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xAF514A10] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xAF514C18] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xAF5135C2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xAF515830] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xAF515A86] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xAF516658] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xAF514098] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xAF514666] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xAF515052] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xAF5131F0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xAF514332] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xAF5133F4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xAF515C94] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xAF5160E8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xAF515EA6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xAF5155C8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xAF514E76] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xAF516944] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xAF515330] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xAF514002] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xAF51421E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xAF513BD2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xAF5139C0] ---- Kernel code sections - GMER 1.0.15 ---- .text D:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB8492360, 0x3441C7, 0xE8000020] .text ipsec.sys AF4D7300 396 Bytes [90, 90, 90, 90, 90, 90, 90, ...] .text ipsec.sys AF4D748D 30 Bytes [1B, C9, 23, CA, 83, 78, 0C, ...] .text ipsec.sys AF4D74AC 241 Bytes [FF, 15, FC, 67, 4E, AF, 8A, ...] .text ipsec.sys AF4D759F 175 Bytes [4E, AF, 8B, CB, FF, 15, 48, ...] .text ipsec.sys AF4D764F 117 Bytes [55, 14, 89, 5E, 10, 89, 56, ...] .text ... .INIT D:\WINDOWS\system32\DRIVERS\ipsec.sys entry point in ".INIT" section [0xAF4E5522] ? D:\WINDOWS\system32\DRIVERS\ipsec.sys suspicious PE modification ---- User code sections - GMER 1.0.15 ---- .text D:\WINDOWS\System32\svchost.exe[196] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[196] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\System32\svchost.exe[196] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[196] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[196] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[196] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[196] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[196] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[196] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[196] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[196] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[196] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[196] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[196] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[204] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0077FC60 D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text H:\gmer.exe[280] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text H:\gmer.exe[280] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text H:\gmer.exe[280] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text H:\gmer.exe[280] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text H:\gmer.exe[280] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text H:\gmer.exe[280] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text H:\gmer.exe[280] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text H:\gmer.exe[280] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text H:\gmer.exe[280] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text H:\gmer.exe[280] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text H:\gmer.exe[280] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text H:\gmer.exe[280] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text H:\gmer.exe[280] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text H:\gmer.exe[280] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[324] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[324] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\system32\ctfmon.exe[324] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[324] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[324] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[324] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[324] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[324] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[324] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[324] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[324] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[324] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[324] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[324] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Java\jre6\bin\jqs.exe[340] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Java\jre6\bin\jqs.exe[340] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\Program Files\Java\jre6\bin\jqs.exe[340] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Java\jre6\bin\jqs.exe[340] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Java\jre6\bin\jqs.exe[340] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Java\jre6\bin\jqs.exe[340] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Java\jre6\bin\jqs.exe[340] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Java\jre6\bin\jqs.exe[340] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Java\jre6\bin\jqs.exe[340] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Java\jre6\bin\jqs.exe[340] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Java\jre6\bin\jqs.exe[340] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Java\jre6\bin\jqs.exe[340] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[496] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 0096D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[496] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [06, 84] .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[496] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0097BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[496] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0097B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[496] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00977DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[496] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0096D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[496] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00974F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[496] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00975AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[496] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 00973A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[496] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 00974390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[496] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00978BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[496] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 00979CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[496] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 00978990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[496] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 00979BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\nvsvc32.exe[656] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\nvsvc32.exe[656] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\System32\nvsvc32.exe[656] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\nvsvc32.exe[656] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\nvsvc32.exe[656] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\nvsvc32.exe[656] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\nvsvc32.exe[656] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\nvsvc32.exe[656] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\nvsvc32.exe[656] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\nvsvc32.exe[656] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\nvsvc32.exe[656] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\nvsvc32.exe[656] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\nvsvc32.exe[656] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\nvsvc32.exe[656] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\csrss.exe[660] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10001450 D:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\csrss.exe[660] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 100017F0 D:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[732] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[732] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\system32\services.exe[732] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[732] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[732] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[732] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[732] RPCRT4.dll!RpcServerRegisterIfEx 77E90D13 5 Bytes JMP 1001F060 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[732] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[732] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[732] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[732] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[744] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[744] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[744] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[744] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[744] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[744] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[892] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[892] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\System32\svchost.exe[892] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[892] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[892] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[892] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[892] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[892] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[892] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[892] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[892] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[892] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[896] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[896] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[896] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[896] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[896] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[896] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[896] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[896] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[896] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[896] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[896] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[896] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[896] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[896] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[920] RPCRT4.dll!RpcServerRegisterIfEx 77E90D13 5 Bytes JMP 1001F060 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[920] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[920] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[920] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[920] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[968] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[968] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[968] RPCRT4.dll!RpcServerRegisterIfEx 77E90D13 5 Bytes JMP 1001F060 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[968] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[968] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[968] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[968] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[968] rpcss.dll!WhichService 76A63CAC 8 Bytes JMP ED501001 .text D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1072] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00533F00 D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1072] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0054D9A0 D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1188] RPCRT4.dll!RpcServerRegisterIfEx 77E90D13 5 Bytes JMP 1001F060 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[1280] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[1280] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\System32\svchost.exe[1280] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[1280] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[1280] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[1280] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[1280] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[1280] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[1280] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[1280] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[1280] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[1280] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1444] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1444] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1444] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1444] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1556] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1556] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\system32\spoolsv.exe[1556] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1556] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1556] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1556] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1556] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1556] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1556] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1556] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1556] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1556] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1556] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1556] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\explorer.exe[1848] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\explorer.exe[1848] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\explorer.exe[1848] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\explorer.exe[1848] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\explorer.exe[1848] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\explorer.exe[1848] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\explorer.exe[1848] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\explorer.exe[1848] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\explorer.exe[1848] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\explorer.exe[1848] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\explorer.exe[1848] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\explorer.exe[1848] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\explorer.exe[1848] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\explorer.exe[1848] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\VDOTool\TBPanel.exe[1932] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\VDOTool\TBPanel.exe[1932] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\Program Files\VDOTool\TBPanel.exe[1932] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\VDOTool\TBPanel.exe[1932] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\VDOTool\TBPanel.exe[1932] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\VDOTool\TBPanel.exe[1932] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\VDOTool\TBPanel.exe[1932] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\VDOTool\TBPanel.exe[1932] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\VDOTool\TBPanel.exe[1932] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\VDOTool\TBPanel.exe[1932] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\VDOTool\TBPanel.exe[1932] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\VDOTool\TBPanel.exe[1932] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\VDOTool\TBPanel.exe[1932] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\VDOTool\TBPanel.exe[1932] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\RUNDLL32.EXE[1956] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\RUNDLL32.EXE[1956] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\system32\RUNDLL32.EXE[1956] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\RUNDLL32.EXE[1956] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\RUNDLL32.EXE[1956] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\RUNDLL32.EXE[1956] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\RUNDLL32.EXE[1956] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\RUNDLL32.EXE[1956] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\RUNDLL32.EXE[1956] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\RUNDLL32.EXE[1956] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\RUNDLL32.EXE[1956] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\RUNDLL32.EXE[1956] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\RUNDLL32.EXE[1956] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\RUNDLL32.EXE[1956] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\SOUNDMAN.EXE[1964] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\SOUNDMAN.EXE[1964] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\SOUNDMAN.EXE[1964] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\SOUNDMAN.EXE[1964] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\SOUNDMAN.EXE[1964] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\SOUNDMAN.EXE[1964] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\SOUNDMAN.EXE[1964] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\SOUNDMAN.EXE[1964] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\SOUNDMAN.EXE[1964] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\SOUNDMAN.EXE[1964] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\SOUNDMAN.EXE[1964] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\SOUNDMAN.EXE[1964] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\SOUNDMAN.EXE[1964] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\SOUNDMAN.EXE[1964] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1972] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1972] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1972] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1972] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1972] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1972] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1972] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1972] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1972] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1972] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1972] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1972] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1972] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1972] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[1980] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[1980] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[1980] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[1980] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[1980] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[1980] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[1980] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[1980] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[1980] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[1980] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[1980] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[1980] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[1980] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[1980] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[2000] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[2000] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[2000] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[2000] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[2000] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[2000] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[2000] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[2000] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[2000] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[2000] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[2000] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[2000] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[2000] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[2000] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2008] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2008] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2008] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2008] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2008] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2008] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2008] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2008] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2008] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2008] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2008] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2008] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2008] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2008] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2016] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2016] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2016] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2016] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2016] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2016] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2016] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2016] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2016] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2016] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2016] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2016] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2016] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2016] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\unsecapp.exe[2680] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\unsecapp.exe[2680] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\System32\wbem\unsecapp.exe[2680] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\unsecapp.exe[2680] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\unsecapp.exe[2680] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\unsecapp.exe[2680] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\unsecapp.exe[2680] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\unsecapp.exe[2680] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\unsecapp.exe[2680] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\unsecapp.exe[2680] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\unsecapp.exe[2680] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\unsecapp.exe[2680] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\unsecapp.exe[2680] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\unsecapp.exe[2680] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\wmiapsrv.exe[3088] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\wmiapsrv.exe[3088] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\System32\wbem\wmiapsrv.exe[3088] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\wmiapsrv.exe[3088] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\wmiapsrv.exe[3088] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\wmiapsrv.exe[3088] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\wmiapsrv.exe[3088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\wmiapsrv.exe[3088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\wmiapsrv.exe[3088] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\wmiapsrv.exe[3088] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\wmiapsrv.exe[3088] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\wmiapsrv.exe[3088] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\wmiapsrv.exe[3088] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\wbem\wmiapsrv.exe[3088] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wscntfy.exe[3156] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wscntfy.exe[3156] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\system32\wscntfy.exe[3156] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wscntfy.exe[3156] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wscntfy.exe[3156] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wscntfy.exe[3156] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wscntfy.exe[3156] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wscntfy.exe[3156] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wscntfy.exe[3156] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wscntfy.exe[3156] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wscntfy.exe[3156] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wscntfy.exe[3156] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wscntfy.exe[3156] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wscntfy.exe[3156] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wbem\wmiprvse.exe[3184] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wbem\wmiprvse.exe[3184] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\system32\wbem\wmiprvse.exe[3184] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wbem\wmiprvse.exe[3184] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wbem\wmiprvse.exe[3184] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wbem\wmiprvse.exe[3184] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wbem\wmiprvse.exe[3184] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wbem\wmiprvse.exe[3184] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wbem\wmiprvse.exe[3184] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wbem\wmiprvse.exe[3184] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wbem\wmiprvse.exe[3184] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wbem\wmiprvse.exe[3184] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wbem\wmiprvse.exe[3184] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\wbem\wmiprvse.exe[3184] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[3620] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[3620] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text D:\WINDOWS\System32\svchost.exe[3620] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[3620] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[3620] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[3620] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[3620] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[3620] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[3620] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[3620] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[3620] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[3620] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[3620] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\svchost.exe[3620] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\.\globalroot\SystemRoot\system32\svchost.exe[3916] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\.\globalroot\SystemRoot\system32\svchost.exe[3916] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text \\.\globalroot\SystemRoot\system32\svchost.exe[3916] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\.\globalroot\SystemRoot\system32\svchost.exe[3916] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\.\globalroot\SystemRoot\system32\svchost.exe[3916] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\.\globalroot\SystemRoot\system32\svchost.exe[3916] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D1A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\.\globalroot\SystemRoot\system32\svchost.exe[3916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F30 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\.\globalroot\SystemRoot\system32\svchost.exe[3916] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\.\globalroot\SystemRoot\system32\svchost.exe[3916] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\.\globalroot\SystemRoot\system32\svchost.exe[3916] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024390 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\.\globalroot\SystemRoot\system32\svchost.exe[3916] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\.\globalroot\SystemRoot\system32\svchost.exe[3916] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\.\globalroot\SystemRoot\system32\svchost.exe[3916] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028990 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\.\globalroot\SystemRoot\system32\svchost.exe[3916] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Modules - GMER 1.0.15 ---- Module (noname) (*** hidden *** ) AFFA3000-AFFB2000 (61440 bytes) ---- Threads - GMER 1.0.15 ---- Thread System [4:396] 8982A540 Thread services.exe [732:1120] 00D2EE96 ---- Processes - GMER 1.0.15 ---- Library d:\windows\system32\adaptecstoragemanageragent.dll (*** hidden *** ) @ \\.\globalroot\SystemRoot\system32\svchost.exe [3916] 0x3AFD0000 ---- Files - GMER 1.0.15 ---- File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\548AE63B-88BC-4E6F-8CAB-77B6FAB8A018.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\548AE63B-88BC-4E6F-8CAB-77B6FAB8A018.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\557D4FB1-2812-482B-BD0C-05A82389CF44.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\557D4FB1-2812-482B-BD0C-05A82389CF44.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\56FAFCA0-FF61-4393-B7D5-5B6287734AAF.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\56FAFCA0-FF61-4393-B7D5-5B6287734AAF.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\58E30596-FB9C-4E53-AAF8-C2D9589F51F3.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\58E30596-FB9C-4E53-AAF8-C2D9589F51F3.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\5B8AF773-EBEC-45E1-B293-F247AD6198FE.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\5B8AF773-EBEC-45E1-B293-F247AD6198FE.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\5BAE4810-FCD8-41AF-B5C8-770B2B5812BA.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\5BAE4810-FCD8-41AF-B5C8-770B2B5812BA.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7BF244FA-C16A-4BFF-B16B-42E12308A24B.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7C2D7471-48D9-4A4B-8D6E-3027616E2A08.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7C2D7471-48D9-4A4B-8D6E-3027616E2A08.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7C70352D-AE4B-4755-AFD4-7750524FA35A.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7C70352D-AE4B-4755-AFD4-7750524FA35A.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7D7BCF8C-0064-4BEE-A0A2-5C3C78C6543C.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7D7BCF8C-0064-4BEE-A0A2-5C3C78C6543C.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7DF48AEB-765F-4DDA-8E0E-324F4D668D2F.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7DF48AEB-765F-4DDA-8E0E-324F4D668D2F.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7E269517-D438-45FF-B78C-D7E4BEA124FE.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7E269517-D438-45FF-B78C-D7E4BEA124FE.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\97651364-8450-41F1-A9F6-10950A5D9913.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\97651364-8450-41F1-A9F6-10950A5D9913.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\99228EEB-B552-4CF3-80A1-623E265FBD90.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\99228EEB-B552-4CF3-80A1-623E265FBD90.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\9B956245-A1D8-4510-BAB6-3092F31D030E.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\9B956245-A1D8-4510-BAB6-3092F31D030E.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\9C2FB1D7-BE1C-44C5-BEC2-C75774F4BA26.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\9C2FB1D7-BE1C-44C5-BEC2-C75774F4BA26.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\9C64AC4A-CD3A-4E9D-B39A-C592968A88E1.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\9C64AC4A-CD3A-4E9D-B39A-C592968A88E1.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\9CC0EDE0-9D8E-4409-A106-4F8B367BA798.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\9CC0EDE0-9D8E-4409-A106-4F8B367BA798.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\A9CACEE8-DBE4-40CE-9409-C1E7DAE6B6A8.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\A9CACEE8-DBE4-40CE-9409-C1E7DAE6B6A8.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\AC2E4061-2803-4F48-9CB8-B4EA46587520.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\AC2E4061-2803-4F48-9CB8-B4EA46587520.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\B1D2FEB8-0387-4AB1-AF8A-4A3310CB1232.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\B1D2FEB8-0387-4AB1-AF8A-4A3310CB1232.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\EBD2492E-3852-499D-9587-7095996B97FE.data 3902979 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\EBD2492E-3852-499D-9587-7095996B97FE.data.info 172 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\EF4051AC-89EC-4DA3-9EE5-E64E898D0905.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\EF4051AC-89EC-4DA3-9EE5-E64E898D0905.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\F2DCA6BD-D386-4C3D-9EB3-CCE6C94E2E81.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\F2DCA6BD-D386-4C3D-9EB3-CCE6C94E2E81.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\F32BD5F3-B5EC-4B3E-9F7C-0D27FB190D98.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\F32BD5F3-B5EC-4B3E-9F7C-0D27FB190D98.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\F340C292-DBEB-4B2C-AA52-B025FBC3A244.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\F340C292-DBEB-4B2C-AA52-B025FBC3A244.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\F3EA3798-A40B-4620-B382-48DC39F84C1B.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\6655CF75-CA6D-4ECA-91F0-B6E322F22C6E.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\67479DC8-4941-4A2D-9A04-88272768247A.data 105472 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\67479DC8-4941-4A2D-9A04-88272768247A.data.info 240 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\6854AD9D-B56C-4537-BACE-9F0DDFF9A994.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\6854AD9D-B56C-4537-BACE-9F0DDFF9A994.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\6A3F3E08-6A33-4AC1-A3FB-DED105A1C2D8.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\6A3F3E08-6A33-4AC1-A3FB-DED105A1C2D8.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\6CF02E32-FB3D-4855-8E4C-AE14F8852AC2.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\6CF02E32-FB3D-4855-8E4C-AE14F8852AC2.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\6E66509B-4FF6-44C3-B320-7EFB94F67CEA.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\8CC70156-D9F1-4AB3-B151-274BD253EB42.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\8CC70156-D9F1-4AB3-B151-274BD253EB42.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\8D2FCEAB-695F-443E-B7B4-ADD4C1147C0F.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\8D2FCEAB-695F-443E-B7B4-ADD4C1147C0F.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\90B236D3-B0DD-44C7-B500-D99E6E6BD0A6.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\90B236D3-B0DD-44C7-B500-D99E6E6BD0A6.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\933FBCB7-18B7-4F2C-B0F1-8C15AC0731A6.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\933FBCB7-18B7-4F2C-B0F1-8C15AC0731A6.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2F9E8D58-08AC-4865-AD68-32433258BA01.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\3013AEA6-CD70-467F-8B39-053646E82594.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\3013AEA6-CD70-467F-8B39-053646E82594.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\30178FD3-1284-4441-B7CA-9F745A67C8BF.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\30178FD3-1284-4441-B7CA-9F745A67C8BF.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\30996D88-747C-44B5-A909-84B9DB022A69.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\30996D88-747C-44B5-A909-84B9DB022A69.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\31C5CC74-15DD-4AB9-95D6-14DEA8CBDD23.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\31C5CC74-15DD-4AB9-95D6-14DEA8CBDD23.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\F406CE7B-A1FB-424F-9926-12D9C082D7EC.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\F406CE7B-A1FB-424F-9926-12D9C082D7EC.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\F64C5945-B103-4E20-ACBE-6ECA79B4926B.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\F64C5945-B103-4E20-ACBE-6ECA79B4926B.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\F96A0D39-05C0-4705-BA1E-A1C770F34E1A.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\F96A0D39-05C0-4705-BA1E-A1C770F34E1A.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\B2E3365C-0208-4B16-835A-A17383127257.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\B6D244B4-226C-4DDF-97A3-6720AE88FBAD.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\B6D244B4-226C-4DDF-97A3-6720AE88FBAD.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\BDFED0FA-C148-45BA-AA4D-3D49430A9F8D.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\BDFED0FA-C148-45BA-AA4D-3D49430A9F8D.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\BF5455A0-FE2A-48E4-B27D-48C8FB68E39A.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\BF5455A0-FE2A-48E4-B27D-48C8FB68E39A.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\BFA9C9E2-C663-4920-AE97-D3B94E3E0C2E.data 2327040 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\BFA9C9E2-C663-4920-AE97-D3B94E3E0C2E.data.info 256 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\C148E218-5E90-454D-807E-85233429C88B.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\C148E218-5E90-454D-807E-85233429C88B.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\3BCEDC7F-6DB6-4479-9E7D-55F0ED490F00.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\3BCEDC7F-6DB6-4479-9E7D-55F0ED490F00.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\3F7FA8A2-4356-4C5E-A87B-ACF2EDB78446.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\3F7FA8A2-4356-4C5E-A87B-ACF2EDB78446.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\3F89D845-B9E1-4949-B525-C8E8E2BB6EC6.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\3F89D845-B9E1-4949-B525-C8E8E2BB6EC6.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\413124EF-536C-4D0A-9CCD-42BDEF00DC4C.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\413124EF-536C-4D0A-9CCD-42BDEF00DC4C.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\42804B67-EEAA-4407-B9B2-371CFAE93BDF.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\42804B67-EEAA-4407-B9B2-371CFAE93BDF.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\46529499-F6CE-4937-9C53-E355CD1BEE77.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\46529499-F6CE-4937-9C53-E355CD1BEE77.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\4975956A-95AE-402B-B2B3-73FFDE240BDB.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\4975956A-95AE-402B-B2B3-73FFDE240BDB.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\0DCD403D-053D-4097-8726-FD89E5E41E9A.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\0DCD403D-053D-4097-8726-FD89E5E41E9A.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\10079E09-9729-46CC-9966-D102F872C994.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\10079E09-9729-46CC-9966-D102F872C994.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\1282C7BC-491B-4540-A3F8-E8BAC6A3BE41.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\1282C7BC-491B-4540-A3F8-E8BAC6A3BE41.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\1502B530-E170-4773-AEE8-E09CC85FC185.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\1502B530-E170-4773-AEE8-E09CC85FC185.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\5DEC5A7C-7907-4A75-B271-D2CD31576A67.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\5E8FB8EF-BABD-4AD2-A2CA-6145A07DE12D.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\5E8FB8EF-BABD-4AD2-A2CA-6145A07DE12D.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\5F679C1F-926B-455F-8420-B4F7B5F25335.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\5F679C1F-926B-455F-8420-B4F7B5F25335.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\61AD86B3-301A-41E1-BBF1-C7EBBA79381B.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\61AD86B3-301A-41E1-BBF1-C7EBBA79381B.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\61B78823-B010-43CF-B5A7-54B071E05CCD.data 0 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\61B78823-B010-43CF-B5A7-54B071E05CCD.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\61D499A7-A2EF-44D5-AE2E-0DA7A7EFA994.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\61D499A7-A2EF-44D5-AE2E-0DA7A7EFA994.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\70875B78-C80B-4A9C-A73F-718B9AAEEE76.data 5120 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\70875B78-C80B-4A9C-A73F-718B9AAEEE76.data.info 152 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\70B02F75-211C-4CD9-9B5A-B1025F6260B2.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\70B02F75-211C-4CD9-9B5A-B1025F6260B2.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7238CDB9-BE4B-4CA9-8C1B-5F77EC011778.data 2327040 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7238CDB9-BE4B-4CA9-8C1B-5F77EC011778.data.info 256 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\730942B1-1BAD-4FB9-9630-3CE8467B1474.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\730942B1-1BAD-4FB9-9630-3CE8467B1474.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\D57891E5-8965-4CE8-96C7-AFE73A7CF58A.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\D57891E5-8965-4CE8-96C7-AFE73A7CF58A.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\D6835D12-7816-479E-854B-11EC3D9266B0.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\D6835D12-7816-479E-854B-11EC3D9266B0.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\DE0F3567-66CA-4CCA-8C23-4E401488FC9A.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\DE0F3567-66CA-4CCA-8C23-4E401488FC9A.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\C2220B48-6BCC-46A5-8592-AF8C6F6784F7.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\C2220B48-6BCC-46A5-8592-AF8C6F6784F7.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\C364165E-7D93-44A6-8508-F5B8FC556664.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\C364165E-7D93-44A6-8508-F5B8FC556664.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\C42262E2-90CD-4C76-9F2C-21E0B8EED2DC.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\C42262E2-90CD-4C76-9F2C-21E0B8EED2DC.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\C46AC2C5-2AA7-4A7A-A6C0-4364BADC1168.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\C46AC2C5-2AA7-4A7A-A6C0-4364BADC1168.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\C4AD111C-6FC8-4528-BF6E-8B2361D9485E.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\C4AD111C-6FC8-4528-BF6E-8B2361D9485E.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\C62873E4-2AB6-4E21-A9AA-E1A5194B6196.data 51 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2180A9A1-8135-49B2-BD71-D3CE27C8D52C.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\25F75E6D-5F9A-4794-A7F7-DC39613CFF50.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\25F75E6D-5F9A-4794-A7F7-DC39613CFF50.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\261BD151-78C0-4183-8934-A36672AC65D1.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\261BD151-78C0-4183-8934-A36672AC65D1.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2635BCF4-8CCF-4314-95A8-740AB58FF87E.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2635BCF4-8CCF-4314-95A8-740AB58FF87E.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2792589A-0928-4B90-829C-9810C026969A.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2792589A-0928-4B90-829C-9810C026969A.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2945E12D-6C39-4BA0-A05D-15E226E5ABEE.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2945E12D-6C39-4BA0-A05D-15E226E5ABEE.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\49DFEA70-CCEA-472E-B10B-7A7FBFB19680.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\4C77D96F-B2FF-4DBE-8E5F-26A4B8BFF0C1.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\4C77D96F-B2FF-4DBE-8E5F-26A4B8BFF0C1.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\4D65EE11-54A4-45F4-B143-B16C19E75E51.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\4D65EE11-54A4-45F4-B143-B16C19E75E51.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\5032B466-3998-497C-A254-0EB0B58C4F91.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\5032B466-3998-497C-A254-0EB0B58C4F91.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\508F6465-6739-47CF-8015-DB096A2FD856.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\9E1DCBDB-3317-4C75-A8DC-D85A0914DD5E.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\A3F85594-32B9-4913-91F5-1569666552D2.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\A3F85594-32B9-4913-91F5-1569666552D2.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\A64267CA-9CF6-4BAB-B706-2DE22FAD181E.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\A64267CA-9CF6-4BAB-B706-2DE22FAD181E.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\A92589A9-8E64-4571-9DDA-A972B7BE285A.data 0 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\054E8AE1-33A6-4B69-94B1-B26D27B8BA8D.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\054E8AE1-33A6-4B69-94B1-B26D27B8BA8D.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\0708C950-937F-49C7-9F39-76BFE9CC47FD.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\0708C950-937F-49C7-9F39-76BFE9CC47FD.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\0856FABF-9167-4CB5-B40F-D7B5A9E98CEE.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\0856FABF-9167-4CB5-B40F-D7B5A9E98CEE.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\0927FD71-EB49-4D6B-A387-90FE10F5A940.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\0927FD71-EB49-4D6B-A387-90FE10F5A940.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\0AE9D540-2F8A-47D7-B3C4-22FF97CE125B.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\0AE9D540-2F8A-47D7-B3C4-22FF97CE125B.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\0C2AFE45-8E7B-499C-BEF6-90DBBCC89930.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\62BE3A49-A63A-4985-B751-A82032D4197F.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\62BE3A49-A63A-4985-B751-A82032D4197F.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\63B038E8-59A3-4E69-89F3-20B115DC33BD.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\63B038E8-59A3-4E69-89F3-20B115DC33BD.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\645CB918-35C1-451A-AF82-D6445561CB2D.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\645CB918-35C1-451A-AF82-D6445561CB2D.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\6619FD6F-C91E-4102-923D-E3C9CA228819.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\6619FD6F-C91E-4102-923D-E3C9CA228819.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7E284F39-0B84-400B-A16F-B416097C3B60.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7E284F39-0B84-400B-A16F-B416097C3B60.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\820338E8-3B4C-4B9A-A8C9-C87127FCD63B.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\820338E8-3B4C-4B9A-A8C9-C87127FCD63B.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\85F0B464-8307-47E9-8AE6-6EB6B5BABFB4.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\85F0B464-8307-47E9-8AE6-6EB6B5BABFB4.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\879985A2-C3A0-4F10-9F49-4EBC786169B6.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\879985A2-C3A0-4F10-9F49-4EBC786169B6.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\8B41239D-66A4-41E7-B8B8-09DEC5CF0E2C.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\8B41239D-66A4-41E7-B8B8-09DEC5CF0E2C.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\8C46CFE3-B133-4F99-8A08-009CD12F6065.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\326DE30F-8A33-4074-92C2-E949B189C99B.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\326DE30F-8A33-4074-92C2-E949B189C99B.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\34CDDB2B-419D-4FA6-9C90-7BF0FE3AE136.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\34CDDB2B-419D-4FA6-9C90-7BF0FE3AE136.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\3585C541-DBE7-4795-8D0A-81CA9710435E.data 0 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\3585C541-DBE7-4795-8D0A-81CA9710435E.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\3A951EF7-684D-4C9F-8DA9-41FEB2D02CD2.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\3A951EF7-684D-4C9F-8DA9-41FEB2D02CD2.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2956FC59-397F-4F0D-AEA1-14528300D40A.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2956FC59-397F-4F0D-AEA1-14528300D40A.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2C92C5B6-4223-4860-80C8-171A4D9C0B5D.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2C92C5B6-4223-4860-80C8-171A4D9C0B5D.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2D069BCC-C71F-4026-806D-ECC1A310C798.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2D069BCC-C71F-4026-806D-ECC1A310C798.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2D6001BB-5ED5-4396-BFC1-0111D46268A1.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2D6001BB-5ED5-4396-BFC1-0111D46268A1.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2EC85490-9B04-4A3C-96C5-0DE305890EDB.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2EC85490-9B04-4A3C-96C5-0DE305890EDB.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\FA0CAC2F-4EE9-491C-A274-04F10D1559D9.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\FA3528BE-2677-40ED-B4BC-F017ECB08571.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\FA3528BE-2677-40ED-B4BC-F017ECB08571.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\FAA62811-C63F-4814-8494-B853F6AFF42D.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\FAA62811-C63F-4814-8494-B853F6AFF42D.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\FD2D0089-38B9-4922-B7F2-D6EB8C30A143.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\FD2D0089-38B9-4922-B7F2-D6EB8C30A143.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\FEC51532-2911-4181-9F6A-2592246FF786.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\FEC51532-2911-4181-9F6A-2592246FF786.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\FF68DC5E-4F0E-48B3-9F2A-990593A3428A.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\FF68DC5E-4F0E-48B3-9F2A-990593A3428A.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp 0 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11949.cav 2122055 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11950.cav 2126238 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11951.cav 2178246 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11952.cav 2115399 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11953.cav 2147039 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11954.cav 2126821 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11955.cav 2131001 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb 3496 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\93ADC620-7929-4AB5-94D7-F86EA4370B24.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\94EA4ABF-7B6C-45DF-90B4-A68400443DC3.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\94EA4ABF-7B6C-45DF-90B4-A68400443DC3.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\95E862BF-9386-486C-957D-162A33BD6E7C.data 12800 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\95E862BF-9386-486C-957D-162A33BD6E7C.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\9679065E-064B-4CE6-97A8-A8B1DAC183E6.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\9679065E-064B-4CE6-97A8-A8B1DAC183E6.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\96DA9411-70D9-40F7-AC15-3A8645CE2C19.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\96DA9411-70D9-40F7-AC15-3A8645CE2C19.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\735709AF-9447-44AF-B12C-502060B08B69.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\77F5F484-4322-4032-BA0B-F085904655F2.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\77F5F484-4322-4032-BA0B-F085904655F2.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7972889D-DB3D-4B38-87F0-4243DA790AA0.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7972889D-DB3D-4B38-87F0-4243DA790AA0.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7A179DC8-9A96-4E0C-A8F5-B1C7949B3001.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7A179DC8-9A96-4E0C-A8F5-B1C7949B3001.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\17778D06-98B7-47DE-835E-056F524A6EB8.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\17778D06-98B7-47DE-835E-056F524A6EB8.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\1E137C87-3BB8-4B02-8055-83218EA158F8.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\1E137C87-3BB8-4B02-8055-83218EA158F8.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\1FFF23E5-6128-45C1-A9C3-88EAE735C379.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\1FFF23E5-6128-45C1-A9C3-88EAE735C379.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\DF1CB791-3EBC-44B2-A1A3-6D41C67DB60D.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\E49EAC16-C87E-4A88-B536-FA1536AE1950.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\E49EAC16-C87E-4A88-B536-FA1536AE1950.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\E8A6D9F6-9242-4EF3-9E46-CCC716430777.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\E8A6D9F6-9242-4EF3-9E46-CCC716430777.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\E96D9B79-3863-4CB1-A362-5D77489B2116.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\E96D9B79-3863-4CB1-A362-5D77489B2116.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\EBA2041F-72DF-4ED7-B80D-C8F2925B154B.data 18944 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\EBA2041F-72DF-4ED7-B80D-C8F2925B154B.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\02F10D78-1AAD-45B4-B98B-395606BE46DC.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\0C2AFE45-8E7B-499C-BEF6-90DBBCC89930.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2180A9A1-8135-49B2-BD71-D3CE27C8D52C.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\2F9E8D58-08AC-4865-AD68-32433258BA01.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\49DFEA70-CCEA-472E-B10B-7A7FBFB19680.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\508F6465-6739-47CF-8015-DB096A2FD856.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\5DEC5A7C-7907-4A75-B271-D2CD31576A67.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\6655CF75-CA6D-4ECA-91F0-B6E322F22C6E.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\6E66509B-4FF6-44C3-B320-7EFB94F67CEA.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\735709AF-9447-44AF-B12C-502060B08B69.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\7BF244FA-C16A-4BFF-B16B-42E12308A24B.data 0 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\8C46CFE3-B133-4F99-8A08-009CD12F6065.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\93ADC620-7929-4AB5-94D7-F86EA4370B24.data 0 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\9E1DCBDB-3317-4C75-A8DC-D85A0914DD5E.data 0 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\A92589A9-8E64-4571-9DDA-A972B7BE285A.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\B2E3365C-0208-4B16-835A-A17383127257.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\01DA1B3E-988B-4B20-A77A-3DC2D0F78181.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\01DA1B3E-988B-4B20-A77A-3DC2D0F78181.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\022021DA-5DCA-4848-8631-BEEC6B2EA95E.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\022021DA-5DCA-4848-8631-BEEC6B2EA95E.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\024A98A8-AC62-44D2-95FD-560750FA90CB.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\024A98A8-AC62-44D2-95FD-560750FA90CB.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\02DE79F3-1600-445A-8228-5E793A3BDF3A.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\02DE79F3-1600-445A-8228-5E793A3BDF3A.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\02F10D78-1AAD-45B4-B98B-395606BE46DC.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\D3068F54-3609-4164-9364-42B589C6DBBE.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\DF1CB791-3EBC-44B2-A1A3-6D41C67DB60D.data 1536 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\F3EA3798-A40B-4620-B382-48DC39F84C1B.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\FA0CAC2F-4EE9-491C-A274-04F10D1559D9.data 23552 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\C77D873E-BA20-45A3-BFF8-BF6BB0F8ACB3.data 32768 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\C77D873E-BA20-45A3-BFF8-BF6BB0F8ACB3.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\CA61DF5C-3EC5-4B2D-86D6-9E14D220045B.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\CA61DF5C-3EC5-4B2D-86D6-9E14D220045B.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\CCBAFDCB-EC50-42D5-B056-042CD6FDAAB4.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\CCBAFDCB-EC50-42D5-B056-042CD6FDAAB4.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\CD1D5300-7367-43E5-8B7A-CD1295DDA982.data 3072 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\CD1D5300-7367-43E5-8B7A-CD1295DDA982.data.info 228 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\D219DD27-6CE5-449D-87FA-DF9E12B05D7A.data 3902979 bytes executable File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\D219DD27-6CE5-449D-87FA-DF9E12B05D7A.data.info 230 bytes File D:\Program Files\Comodo\COMODO Internet Security\Quarantine\D3068F54-3609-4164-9364-42B589C6DBBE.data 23552 bytes executable File D:\WINDOWS\$NtUninstallKB22578$\1509228089 0 bytes File D:\WINDOWS\$NtUninstallKB22578$\1509228089\@ 2048 bytes File D:\WINDOWS\$NtUninstallKB22578$\1509228089\L 0 bytes File D:\WINDOWS\$NtUninstallKB22578$\1509228089\L\akygdmgo 74752 bytes File D:\WINDOWS\$NtUninstallKB22578$\1509228089\loader.tlb 2632 bytes File D:\WINDOWS\$NtUninstallKB22578$\1509228089\U 0 bytes File D:\WINDOWS\$NtUninstallKB22578$\1509228089\U\@00000001 45968 bytes File D:\WINDOWS\$NtUninstallKB22578$\1509228089\U\@000000c0 2560 bytes File D:\WINDOWS\$NtUninstallKB22578$\1509228089\U\@000000cb 704 bytes File D:\WINDOWS\$NtUninstallKB22578$\1509228089\U\@000000cf 1536 bytes File D:\WINDOWS\$NtUninstallKB22578$\1509228089\U\@80000000 73728 bytes File D:\WINDOWS\$NtUninstallKB22578$\1509228089\U\@800000c0 43008 bytes File D:\WINDOWS\$NtUninstallKB22578$\1509228089\U\@800000cb 25600 bytes File D:\WINDOWS\$NtUninstallKB22578$\1509228089\U\@800000cf 31232 bytes File D:\WINDOWS\$NtUninstallKB22578$\748429502 0 bytes ---- EOF - GMER 1.0.15 ----