GMER 2.0.18327 - http://www.gmer.net
Rootkit scan 2013-06-27 14:52:01
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\00000060 ST3250410AS rev.4.AAA 232,88GB
Running: gqqz2m7p.exe; Driver: C:\DOCUME~1\Marchewa\USTAWI~1\Temp\kwddqaod.sys

---- System - GMER 2.0 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB490B7E4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB490AD90]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB490B44A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB490C040]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB490DC20]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB490DF9E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB490A77C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB490B9D0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB490BBE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB490A582]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB490C82A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB490CA80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB490D652]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB490B058]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB490B626]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xB490C030]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB490A1B0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB490B2F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB490A3B4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB490CC8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB490D0E2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xB490CEA0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB490C5B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB490BE54]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB490D93E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB490C30A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB490AFC2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB490B1DE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB490AB92]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB490A980]

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CC8 80504554 4 Bytes CALL CB04D614
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9340360, 0x35363F, 0xE8000020]

---- User code sections - GMER 2.0 ----

.text C:\WINDOWS\system32\svchost.exe[156] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[156] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[156] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[156] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[156] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[156] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[156] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[156] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text
C:\WINDOWS\system32\svchost.exe[156] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[156] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[156] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[204] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 00780630 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[316] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[316] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[316] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[316] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[584] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 0070D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[584] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 0071BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[584] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 0071B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[584] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00717F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[584] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0070D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00715070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00715C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\acs.exe[584] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 00713BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[584] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 007144D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[584] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00718D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[584] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 00718AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[584] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00719E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[584] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 00719D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[612] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[612] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[612] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[612] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[612] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[612] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[612] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[612] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[612] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[612] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[612] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[824] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[824] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[824] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[824] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[824] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\nvsvc32.exe[824] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[824] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[824] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[824] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[824] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[824] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[824] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[840] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[840] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[840] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[840] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[840] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\PnkBstrA.exe[840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[840] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[840] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[840] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[840] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[840] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[840] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[840] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[864] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[864] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[864] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[864] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\PnkBstrB.exe[864] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[864] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[864] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[864] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[864] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[864] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrB.exe[864] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[896] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[896] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[896] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\ctfmon.exe[896] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[896] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[896] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[896] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[896] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[896] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[896] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[896] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[924] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[924] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[924] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[924] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[924] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[924] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[924] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[924] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[924] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[924] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[924] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[992] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[992] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[992] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[992] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[992] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[992] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[992] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[992] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[992] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[992] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wdfmgr.exe[992] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1036] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1036] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1036] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1036] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1036] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1036] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1036] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1036] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\Explorer.EXE[1036] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1036] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1036] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\csrss.exe[1244] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\csrss.exe[1244] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[1284] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[1284] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[1284] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[1284] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[1284] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[1284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[1284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\RUNDLL32.EXE[1284] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[1284] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[1284] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[1284] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[1284] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[1284] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1296] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1296] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1296] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1296] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1296] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java 
Update\jusched.exe[1296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1296] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1296] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1296] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1296] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1296] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1296] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1380] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1380] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1380] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\services.exe[1380] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1380] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1380] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1380] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1380] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1380] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1380] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1380] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1380] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1392] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1392] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1392] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1392] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1392] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1392] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1392] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1392] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1392] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1392] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1392] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1552] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1552] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1552] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1552] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1552] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) 
.text C:\WINDOWS\system32\svchost.exe[1552] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1552] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1604] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1604] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1604] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1604] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1604] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1604] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1604] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1604] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1604] GDI32.dll!CreateDCW 77F1BE28 5 
Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1604] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1604] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1656] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1656] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1656] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1656] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1656] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1656] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1656] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1656] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1656] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1656] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[1656] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1784] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1784] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1784] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1784] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1784] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1784] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1784] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1784] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1784] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1784] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1784] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1784] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1784] rpcss.dll!WhichService 76A63C84 8 Bytes JMP EDF01001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1824] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 00534850 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1824] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 0054ECA0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1852] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1852] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1852] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1852] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1852] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1852] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 
10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1852] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2036] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2036] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 
10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2036] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2036] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2652] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2652] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2652] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2652] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2652] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2652] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2652] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2652] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2652] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2652] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2652] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AIMP3\AIMP3.exe[3464] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AIMP3\AIMP3.exe[3464] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AIMP3\AIMP3.exe[3464] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AIMP3\AIMP3.exe[3464] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AIMP3\AIMP3.exe[3464] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AIMP3\AIMP3.exe[3464] 
kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AIMP3\AIMP3.exe[3464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AIMP3\AIMP3.exe[3464] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AIMP3\AIMP3.exe[3464] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AIMP3\AIMP3.exe[3464] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AIMP3\AIMP3.exe[3464] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AIMP3\AIMP3.exe[3464] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AIMP3\AIMP3.exe[3464] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe[3816] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 0091D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe[3816] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 0092BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe[3816] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 0092B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless 
Configuration Utility\WJATH\AthServer.exe[3816] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00927F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe[3816] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes JMP 0091D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe[3816] ntdll.dll!LdrUnloadDll + 4 7C91736F 1 Byte [84] .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe[3816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00925070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe[3816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00925C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe[3816] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 00923BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe[3816] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 009244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe[3816] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00928D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe[3816] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 00928AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe[3816] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00929E10 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe[3816] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 00929D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Marchewa\Moje dokumenty\Programy\gqqz2m7p.exe[3976] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Marchewa\Moje dokumenty\Programy\gqqz2m7p.exe[3976] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Marchewa\Moje dokumenty\Programy\gqqz2m7p.exe[3976] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Marchewa\Moje dokumenty\Programy\gqqz2m7p.exe[3976] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Marchewa\Moje dokumenty\Programy\gqqz2m7p.exe[3976] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Marchewa\Moje dokumenty\Programy\gqqz2m7p.exe[3976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Marchewa\Moje dokumenty\Programy\gqqz2m7p.exe[3976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Marchewa\Moje dokumenty\Programy\gqqz2m7p.exe[3976] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Marchewa\Moje 
dokumenty\Programy\gqqz2m7p.exe[3976] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marchewa\Moje dokumenty\Programy\gqqz2m7p.exe[3976] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marchewa\Moje dokumenty\Programy\gqqz2m7p.exe[3976] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marchewa\Moje dokumenty\Programy\gqqz2m7p.exe[3976] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marchewa\Moje dokumenty\Programy\gqqz2m7p.exe[3976] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Kernel IAT/EAT - GMER 2.0 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9E05750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9E05820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E057F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9E057B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9E057B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9E05820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9E05750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E057F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E057F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9E057B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9E05820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9E05750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9E057B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9E057F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9E05750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9E05820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9E05750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9E05820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9E057B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E057F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9E057B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9E05820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9E05750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9E057B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E057F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9E05750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9E05820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- Files - GMER 2.0 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes

---- EOF - GMER 2.0 ----