GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-04-06 11:31:21 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP0802N rev.TK100-30 Running: c4hfo9i9.exe; Driver: C:\DOCUME~1\GOSIAC~1\USTAWI~1\Temp\kwlyqpow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF15B579A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xF15B4D46] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xF15B5400] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xF15B5FA4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xF15B7ABC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF15B7E3A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xF15B4732] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xF15B5986] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xF15B5B7A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xF15B4538] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xF15B66C6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xF15B691C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xF15B74EE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xF15B500E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xF15B55DC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xF15B5F94] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xF15B4166] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xF15B52A8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xF15B436A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xF15B6B2A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xF15B6F7E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xF15B6D3C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xF15B64DE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xF15B5DB6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xF15B77DA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xF15B6266] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xF15B4F78] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xF15B5194] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xF15B4B48] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xF15B4936] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\rundll32.exe[464] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\rundll32.exe[464] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\rundll32.exe[464] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\rundll32.exe[464] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\rundll32.exe[464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\rundll32.exe[464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\rundll32.exe[464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\rundll32.exe[464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\rundll32.exe[464] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\rundll32.exe[464] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\rundll32.exe[464] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\rundll32.exe[464] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\rundll32.exe[464] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\rundll32.exe[464] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\csrss.exe[564] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\csrss.exe[564] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[636] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[636] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\services.exe[636] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[636] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[636] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[636] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[636] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[636] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[636] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[636] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[636] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[648] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[648] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\lsass.exe[648] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[648] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[648] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[648] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[648] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[648] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[648] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[648] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[648] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[648] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[780] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[780] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[780] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[780] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[800] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[800] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[800] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[800] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[800] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[856] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[856] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[856] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[856] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[856] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[856] rpcss.dll!WhichService 76A64234 8 Bytes JMP ED301001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[932] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00526240 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[932] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0053F8A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[968] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[968] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[968] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[968] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[968] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1200] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1200] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Java\jre6\bin\jqs.exe[1200] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1200] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1200] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1200] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1200] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1200] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1200] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1200] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[1356] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[1356] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\wscntfy.exe[1356] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[1356] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[1356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[1356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[1356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[1356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[1356] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[1356] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[1356] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[1356] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[1356] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[1356] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1404] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1404] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1404] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1404] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1484] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1484] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1484] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1484] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1484] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1484] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1484] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1484] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1484] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1484] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1508] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1508] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\Explorer.EXE[1508] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1508] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1508] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1508] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1508] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1508] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1508] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1508] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1596] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1596] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1596] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1596] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1596] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1596] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1596] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1596] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1596] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1596] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1596] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\sistray.EXE[1744] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 009AD060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\sistray.EXE[1744] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [0A, 84] .text C:\WINDOWS\system32\sistray.EXE[1744] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 009BBB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\sistray.EXE[1744] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 009BB800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\sistray.EXE[1744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009B7DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\sistray.EXE[1744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009AD180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\sistray.EXE[1744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009B4F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\sistray.EXE[1744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009B5AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\sistray.EXE[1744] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 009B3A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\sistray.EXE[1744] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 009B4370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\sistray.EXE[1744] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 009B8BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\sistray.EXE[1744] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 009B8970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\sistray.EXE[1744] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 009B9CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\sistray.EXE[1744] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 009B9BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\keyhook.exe[1752] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 0094D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\keyhook.exe[1752] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [04, 84] {ADD AL, 0x84} .text C:\WINDOWS\system32\keyhook.exe[1752] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0095BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\keyhook.exe[1752] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0095B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\keyhook.exe[1752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00957DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\keyhook.exe[1752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0094D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\keyhook.exe[1752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00954F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\keyhook.exe[1752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00955AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\keyhook.exe[1752] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00953A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\keyhook.exe[1752] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00954370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\keyhook.exe[1752] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00958BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\keyhook.exe[1752] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00958970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\keyhook.exe[1752] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00959CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\keyhook.exe[1752] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00959BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe[1776] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe[1776] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe[1776] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe[1776] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe[1776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe[1776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe[1776] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe[1776] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe[1776] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe[1776] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe[1776] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe[1776] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe[1776] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe[1776] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1784] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1784] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1784] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1784] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1784] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1784] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1784] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1784] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1784] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1784] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1824] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1824] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\notepad.exe[1824] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1824] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1824] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1824] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1824] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1824] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1824] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1824] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1824] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1824] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1824] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1880] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1880] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\ctfmon.exe[1880] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1880] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1880] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1880] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1880] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1880] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1880] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1880] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1880] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Gosia Caban\Pulpit\NET\c4hfo9i9.exe[2052] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Gosia Caban\Pulpit\NET\c4hfo9i9.exe[2052] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Documents and Settings\Gosia Caban\Pulpit\NET\c4hfo9i9.exe[2052] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Gosia Caban\Pulpit\NET\c4hfo9i9.exe[2052] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Gosia Caban\Pulpit\NET\c4hfo9i9.exe[2052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Gosia Caban\Pulpit\NET\c4hfo9i9.exe[2052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Gosia Caban\Pulpit\NET\c4hfo9i9.exe[2052] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Gosia Caban\Pulpit\NET\c4hfo9i9.exe[2052] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Gosia Caban\Pulpit\NET\c4hfo9i9.exe[2052] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Gosia Caban\Pulpit\NET\c4hfo9i9.exe[2052] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Gosia Caban\Pulpit\NET\c4hfo9i9.exe[2052] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Gosia Caban\Pulpit\NET\c4hfo9i9.exe[2052] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Gosia Caban\Pulpit\NET\c4hfo9i9.exe[2052] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Gosia Caban\Pulpit\NET\c4hfo9i9.exe[2052] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2388] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2388] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\System32\alg.exe[2388] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2388] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2388] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2388] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2388] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2388] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2388] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2388] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F73F9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F73F9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F73F97F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F73F97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F73F97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F73F9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F73F9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F73F97F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F73F97F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F73F97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F73F9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F73F9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F73F97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F73F97F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F73F9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F73F9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F73F9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F73F9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F73F97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F73F97F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F73F97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F73F9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F73F9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [F73F9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [F73F97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [F73F9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [F73F97F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F73F97B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F73F97F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F73F9750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F73F9820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Files - GMER 1.0.15 ---- File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_END_USER_v11984.cav 84934656 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_END_USER_v11984.cav.z 115067298 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11985.cav 2105866 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11986.cav 2195077 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11987.cav 2121677 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11988.cav 2139845 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11989.cav 2121072 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11990.cav 2104931 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11991.cav 2139876 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11992.cav 2105885 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11993.cav 2101347 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11994.cav 2180531 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11995.cav 2100449 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11996.cav 2130660 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v11997.cav 2102201 bytes ---- EOF - GMER 1.0.15 ----