GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-01-08 09:58:02 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 ST31000524AS rev.JC45 931,51GB Running: 54wyuyt8.exe; Driver: C:\DOCUME~1\User\USTAWI~1\Temp\kwliqpoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0xB232F824] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0xB232EDD0] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwCreateFile [0xB208E9D8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateKey [0xB2330062] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0xB2331C26] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwCreateSymbolicLinkObject [0xB208EDB6] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwCreateThread [0xB208F0FE] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwDeleteKey [0xB208F472] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwDeleteValueKey [0xB208F540] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwDeviceIoControlFile [0xB208F68C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDuplicateObject [0xB232E5C2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateKey [0xB2330830] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateValueKey [0xB2330A86] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwLoadDriver [0xB2091062] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0xB232F098] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwMapViewOfSection [0xB2091480] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwOpenFile [0xB2091798] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwOpenKey [0xB2091962] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwOpenProcess [0xB2091974] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0xB232F332] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwOpenThread [0xB209203E] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwProtectVirtualMemory [0xB20920D2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryKey [0xB2330C94] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryMultipleValueKey [0xB23310E8] SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xB82091AE] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwQueueApcThread [0xB20920E4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRenameKey [0xB23305C8] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwSecureConnectPort [0xB20923E6] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwSetContextThread [0xB2092452] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSecurityObject [0xB232FE76] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwSetSystemInformation [0xB209278A] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwSetValueKey [0xB20927F4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0xB232F002] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0xB232F21E] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwTerminateProcess [0xB2092BC6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0xB232E9C0] SSDT \??\C:\WINDOWS\system32\drivers\AntiLog32.sys ZwWriteVirtualMemory [0xB2094CBA] INT 0x62 ? 8A70FCB8 INT 0x63 ? 8A470CB8 INT 0x63 ? 8A470CB8 INT 0x83 ? 8A70FCB8 INT 0x84 ? 8A470CB8 INT 0x94 ? 8A470CB8 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2C58 805044E4 4 Bytes [D8, E9, 08, B2] .text ntkrnlpa.exe!ZwCallbackReturn + 2C95 80504521 7 Bytes [ED, 08, B2, FE, F0, 08, B2] {IN EAX, DX; OR [EDX-0x4df70f02], DH} .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB7F83B2E] .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB52AC3A0, 0x5FCCA2, 0xE8000020] init C:\WINDOWS\system32\drivers\revosens.sys entry point in "init" section [0xB5198A00] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\lxdrcoms.exe[224] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lxdrcoms.exe[224] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\lxdrcoms.exe[224] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lxdrcoms.exe[224] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lxdrcoms.exe[224] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lxdrcoms.exe[224] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lxdrcoms.exe[224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lxdrcoms.exe[224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lxdrcoms.exe[224] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lxdrcoms.exe[224] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lxdrcoms.exe[224] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lxdrcoms.exe[224] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lxdrcoms.exe[224] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lxdrcoms.exe[224] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[284] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[284] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[284] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[284] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[284] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[284] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[348] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[348] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[348] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[348] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[348] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[348] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[348] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[348] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[348] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[348] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[348] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[348] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[456] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[456] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[456] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[456] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[528] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[528] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[528] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[528] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[528] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[528] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[552] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[552] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[552] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[552] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[552] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[552] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[552] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[552] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[552] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[552] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[552] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[552] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[648] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[648] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\Explorer.EXE[648] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[648] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[648] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[648] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[648] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[648] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[648] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[648] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[648] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[648] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[672] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[672] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[672] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[672] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[672] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[672] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[672] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[672] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[672] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[672] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[672] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[672] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXBCES.EXE[712] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXBCES.EXE[712] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\LEXBCES.EXE[712] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXBCES.EXE[712] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXBCES.EXE[712] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXBCES.EXE[712] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXBCES.EXE[712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXBCES.EXE[712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXBCES.EXE[712] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXBCES.EXE[712] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXBCES.EXE[712] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXBCES.EXE[712] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXBCES.EXE[712] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXBCES.EXE[712] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[752] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[752] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\spoolsv.exe[752] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[752] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[752] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[752] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[752] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[752] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[752] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[752] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[752] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[752] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXPPS.EXE[756] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXPPS.EXE[756] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\LEXPPS.EXE[756] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXPPS.EXE[756] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXPPS.EXE[756] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXPPS.EXE[756] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXPPS.EXE[756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXPPS.EXE[756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXPPS.EXE[756] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXPPS.EXE[756] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXPPS.EXE[756] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXPPS.EXE[756] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXPPS.EXE[756] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\LEXPPS.EXE[756] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\acs.exe[948] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 0079D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\acs.exe[948] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes JMP 7F918A5B .text C:\WINDOWS\system32\acs.exe[948] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 007ABB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\acs.exe[948] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 007AB860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\acs.exe[948] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007A7DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\acs.exe[948] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0079D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\acs.exe[948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007A4F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\acs.exe[948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007A5AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\acs.exe[948] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 007A8BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\acs.exe[948] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 007A8990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\acs.exe[948] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 007A9CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\acs.exe[948] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 007A9BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\acs.exe[948] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 007A3A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\acs.exe[948] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 007A4390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\csrss.exe[1012] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll .text C:\WINDOWS\system32\csrss.exe[1012] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1160] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1160] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1160] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1160] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1204] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1204] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\services.exe[1204] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1204] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1204] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1204] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1204] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1204] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1204] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1204] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1204] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1216] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1216] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\lsass.exe[1216] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1216] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1216] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1216] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1216] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1216] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1216] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1216] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1220] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1220] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1220] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1220] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1220] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1220] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1220] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1220] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1220] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1220] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1220] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1220] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1416] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1416] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1416] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1416] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1416] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1416] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1416] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1416] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1416] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1416] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1416] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1416] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1428] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1428] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\nvsvc32.exe[1428] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1428] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1428] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1428] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1428] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1428] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1428] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1428] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1428] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1428] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1504] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1504] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1504] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1504] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1528] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1672] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1672] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1672] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1672] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1672] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1672] rpcss.dll!WhichService 76A63C84 8 Bytes JMP ED501001 .text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[1712] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[1712] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[1712] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[1712] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[1712] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[1712] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[1712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[1712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[1712] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[1712] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[1712] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[1712] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[1712] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe[1712] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1764] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 00533F00 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1764] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 0054D9A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1796] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1796] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1796] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1796] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1796] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[1880] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[1880] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\Java\jre7\bin\jqs.exe[1880] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[1880] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[1880] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[1880] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[1880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[1880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[1880] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[1880] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[1880] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[1880] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[1880] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[1880] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1892] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1892] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1892] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1892] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1892] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1892] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1924] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1924] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\Ati2evxx.exe[1924] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1924] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1924] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1924] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1924] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1924] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1924] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1924] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1924] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1924] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1988] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1988] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\Google\Update\GoogleUpdate.exe[1988] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1988] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1988] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1988] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1988] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1988] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1988] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1988] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1988] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1988] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\RevoTask.exe[2364] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 00ACD080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\RevoTask.exe[2364] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [1C, 84] {SBB AL, 0x84} .text C:\WINDOWS\system32\RevoTask.exe[2364] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 00ADBB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\RevoTask.exe[2364] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 00ADB860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\RevoTask.exe[2364] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AD7DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\RevoTask.exe[2364] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00ACD1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\RevoTask.exe[2364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD4F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\RevoTask.exe[2364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD5AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\RevoTask.exe[2364] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00AD8BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\RevoTask.exe[2364] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 00AD8990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\RevoTask.exe[2364] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00AD9CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\RevoTask.exe[2364] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 00AD9BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\RevoTask.exe[2364] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 00AD3A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\RevoTask.exe[2364] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 00AD4390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2472] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2472] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2472] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2472] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2472] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2472] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2472] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2472] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2472] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2472] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2472] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2472] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2472] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2472] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe[2868] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 009AD080 C:\WINDOWS\system32\guard32.dll .text C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe[2868] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [0A, 84] .text C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe[2868] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 009BBB80 C:\WINDOWS\system32\guard32.dll .text C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe[2868] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 009BB860 C:\WINDOWS\system32\guard32.dll .text C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe[2868] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009B7DF0 C:\WINDOWS\system32\guard32.dll .text C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe[2868] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009AD1A0 C:\WINDOWS\system32\guard32.dll .text C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe[2868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009B4F30 C:\WINDOWS\system32\guard32.dll .text C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe[2868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009B5AC0 C:\WINDOWS\system32\guard32.dll .text C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe[2868] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 009B8BC0 C:\WINDOWS\system32\guard32.dll .text C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe[2868] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 009B8990 C:\WINDOWS\system32\guard32.dll .text C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe[2868] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 009B9CC0 C:\WINDOWS\system32\guard32.dll .text C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe[2868] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 009B9BC0 C:\WINDOWS\system32\guard32.dll .text C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe[2868] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 009B3A60 C:\WINDOWS\system32\guard32.dll .text C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe[2868] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 009B4390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2904] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2904] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\wscntfy.exe[2904] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2904] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2904] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2904] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2904] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2904] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2904] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2904] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2904] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2904] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe[2968] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe[2968] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe[2968] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe[2968] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe[2968] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe[2968] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe[2968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe[2968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe[2968] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe[2968] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe[2968] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe[2968] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe[2968] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe[2968] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002AE20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002AE00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002A430 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002A3E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002AD00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002ADE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 1002A6F0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002A480 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0172B780 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!lstrlenW + 43 7C809ADC 7 Bytes JMP 01F66EFD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002ACC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002AA00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!MapViewOfFileEx + 6A 7C80B990 7 Bytes JMP 01F66EDA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002ABC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!ValidateLocale + B1E8 7C8449F8 7 Bytes JMP 01730836 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] GDI32.dll!SetDIBitsToDevice + 209 77F19E04 7 Bytes JMP 01F66E5B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 1002A920 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3328] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 1002A900 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\AntiLogger\AntiLogger.exe[3336] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\AntiLogger\AntiLogger.exe[3336] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\AntiLogger\AntiLogger.exe[3336] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\AntiLogger\AntiLogger.exe[3336] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\AntiLogger\AntiLogger.exe[3336] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\AntiLogger\AntiLogger.exe[3336] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\AntiLogger\AntiLogger.exe[3336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\AntiLogger\AntiLogger.exe[3336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\AntiLogger\AntiLogger.exe[3336] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 008B5FF1 C:\Program Files\AntiLogger\AntiLogger.exe .text C:\Program Files\AntiLogger\AntiLogger.exe[3336] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\AntiLogger\AntiLogger.exe[3336] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\AntiLogger\AntiLogger.exe[3336] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\AntiLogger\AntiLogger.exe[3336] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\AntiLogger\AntiLogger.exe[3336] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\AntiLogger\AntiLogger.exe[3336] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3432] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3432] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3432] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3432] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3432] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3432] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3432] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3432] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3432] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3432] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3432] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3432] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3432] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3432] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3460] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 0077FC60 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe .text C:\WINDOWS\System32\alg.exe[3544] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3544] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\System32\alg.exe[3544] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3544] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3544] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3544] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3544] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3544] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3544] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3544] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3544] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3544] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3544] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3544] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\KeyScrambler\keyscrambler.exe[3576] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 0099D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\KeyScrambler\keyscrambler.exe[3576] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [09, 84] .text C:\Program Files\KeyScrambler\keyscrambler.exe[3576] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 009ABB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\KeyScrambler\keyscrambler.exe[3576] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 009AB860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\KeyScrambler\keyscrambler.exe[3576] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009A7DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\KeyScrambler\keyscrambler.exe[3576] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0099D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\KeyScrambler\keyscrambler.exe[3576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009A4F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\KeyScrambler\keyscrambler.exe[3576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009A5AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\KeyScrambler\keyscrambler.exe[3576] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 009A3A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\KeyScrambler\keyscrambler.exe[3576] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 009A4390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\KeyScrambler\keyscrambler.exe[3576] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 009A8BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\KeyScrambler\keyscrambler.exe[3576] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 009A8990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\KeyScrambler\keyscrambler.exe[3576] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 009A9CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\KeyScrambler\keyscrambler.exe[3576] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 009A9BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ipla\ipla.exe[3640] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 055ED080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ipla\ipla.exe[3640] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [CE, 88] .text C:\Program Files\ipla\ipla.exe[3640] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 055FBB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ipla\ipla.exe[3640] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 055FB860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ipla\ipla.exe[3640] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 055F7DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ipla\ipla.exe[3640] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 055ED1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ipla\ipla.exe[3640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 055F4F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ipla\ipla.exe[3640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 055F5AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ipla\ipla.exe[3640] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 055F3A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ipla\ipla.exe[3640] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 055F4390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ipla\ipla.exe[3640] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 055F8BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ipla\ipla.exe[3640] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 055F8990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ipla\ipla.exe[3640] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 055F9CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ipla\ipla.exe[3640] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 055F9BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3844] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3844] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\ctfmon.exe[3844] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3844] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3844] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3844] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3844] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3844] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3844] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3844] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3844] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3844] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\User\Pulpit\54wyuyt8.exe[5468] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\User\Pulpit\54wyuyt8.exe[5468] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Documents and Settings\User\Pulpit\54wyuyt8.exe[5468] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\User\Pulpit\54wyuyt8.exe[5468] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\User\Pulpit\54wyuyt8.exe[5468] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\User\Pulpit\54wyuyt8.exe[5468] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\User\Pulpit\54wyuyt8.exe[5468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\User\Pulpit\54wyuyt8.exe[5468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\User\Pulpit\54wyuyt8.exe[5468] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\User\Pulpit\54wyuyt8.exe[5468] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\User\Pulpit\54wyuyt8.exe[5468] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\User\Pulpit\54wyuyt8.exe[5468] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\User\Pulpit\54wyuyt8.exe[5468] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\User\Pulpit\54wyuyt8.exe[5468] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe[6696] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe[6696] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe[6696] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe[6696] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe[6696] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe[6696] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe[6696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe[6696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe[6696] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe[6696] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe[6696] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe[6696] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe[6696] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe[6696] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8A70E1E8 Device \FileSystem\Fastfat \FatCdrom 8A567430 AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\Ip GDTdiIcpt.sys Device \Driver\cmdHlp \Device\CFPTcpFlt GDTdiIcpt.sys Device \Driver\usbohci \Device\USBPDO-0 8A55E1E8 Device \Driver\usbohci \Device\USBPDO-1 8A55E1E8 Device \Driver\usbohci \Device\USBPDO-2 8A55E1E8 Device \Driver\usbohci \Device\USBPDO-3 8A55E1E8 Device \Driver\cmdHlp \Device\CFPRawFlt GDTdiIcpt.sys Device \Driver\cmdHlp \Device\CFPUdpFlt GDTdiIcpt.sys Device \Driver\usbohci \Device\USBPDO-4 8A55E1E8 AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\Tcp GDTdiIcpt.sys Device \Driver\usbehci \Device\USBPDO-5 8A4561E8 Device \Driver\Cdrom \Device\CdRom0 8A44E1E8 Device \Driver\atapi \Device\Ide\IdePort0 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-12 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBT_Tcpip_{74330AC7-BBD3-451D-B6DD-06190DDAB77A} 8A48F1E8 Device \Driver\NetBT \Device\NetBt_Wins_Export 8A48F1E8 Device \Driver\NetBT \Device\NetbiosSmb 8A48F1E8 AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\Udp GDTdiIcpt.sys AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\RawIp GDTdiIcpt.sys Device \Driver\usbohci \Device\USBFDO-0 8A55E1E8 Device \Driver\usbohci \Device\USBFDO-1 8A55E1E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A59E1E8 Device \Driver\cmdHlp \Device\CFPIpFlt GDTdiIcpt.sys Device \Driver\usbohci \Device\USBFDO-2 8A55E1E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A59E1E8 Device \Driver\usbohci \Device\USBFDO-3 8A55E1E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{9B89DE19-3E18-4257-A4AC-CCDC2A05C90E} 8A48F1E8 Device \Driver\usbohci \Device\USBFDO-4 8A55E1E8 Device \Driver\usbehci \Device\USBFDO-5 8A4561E8 Device \FileSystem\Fastfat \Fat 8A567430 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys Device \FileSystem\Cdfs \Cdfs 89DFD430 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011675590e9 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x28 0xA8 0xDE 0x18 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0xB0 0x60 0xB5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x28 0xA8 0xDE 0x18 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0011675590e9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x28 0xA8 0xDE 0x18 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0xB0 0x60 0xB5 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.1 ---- File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\1ECF3571-89B0-4609-A5BD-56DBC7C81CA7.data 520192 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\1ECF3571-89B0-4609-A5BD-56DBC7C81CA7.data.info 208 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\257C4A0C-AF70-4089-ABB9-9CD12F8E8485.data 32768 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\257C4A0C-AF70-4089-ABB9-9CD12F8E8485.data.info 282 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\33795F6E-7B45-4303-A4BC-B26224314182.data 50354 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\33795F6E-7B45-4303-A4BC-B26224314182.data.info 188 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\34263066-0586-42F6-BE1E-B8FABC6EF611.data 53248 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\97DA068E-1161-4F66-A701-732C4A02E766.data 81408 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\97DA068E-1161-4F66-A701-732C4A02E766.data.info 162 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\9CB80B81-185B-49E7-94A7-60479CD6AE79.data 1283584 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\9CB80B81-185B-49E7-94A7-60479CD6AE79.data.info 238 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A0DC532C-7F5E-4FEF-8164-8491D6442885.data 32768 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A0DC532C-7F5E-4FEF-8164-8491D6442885.data.info 282 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\C137FC58-BED3-4745-A98E-C59A2B886FA7.data 3939 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\C137FC58-BED3-4745-A98E-C59A2B886FA7.data.info 264 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\C64D2412-F486-47F9-BFC1-0740FAAF7D62.data 32768 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\C64D2412-F486-47F9-BFC1-0740FAAF7D62.data.info 282 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\D5C0AB73-DBD9-461F-8F6E-CB2787DFD05A.data 20603377 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\D5C0AB73-DBD9-461F-8F6E-CB2787DFD05A.data.info 242 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\E9959544-CF99-44CC-94F1-217DC1CD7B26.data 33792 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\E9959544-CF99-44CC-94F1-217DC1CD7B26.data.info 260 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\ECC9DCFF-6450-4051-94F5-DAD5D47995B9.data 81408 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\ECC9DCFF-6450-4051-94F5-DAD5D47995B9.data.info 162 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\F5C2B716-C37A-4587-8985-8534EE6E8C8C.data 151040 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\F5C2B716-C37A-4587-8985-8534EE6E8C8C.data.info 248 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\42F91F36-A2A7-4EF9-84DF-345852D5AF2C.data 81408 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\42F91F36-A2A7-4EF9-84DF-345852D5AF2C.data.info 162 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\5FD09081-1DA0-48C7-BAF0-74D1A27C8658.data 1916928 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\5FD09081-1DA0-48C7-BAF0-74D1A27C8658.data.info 146 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\34263066-0586-42F6-BE1E-B8FABC6EF611.data.info 240 bytes ---- EOF - GMER 2.1 ----