GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-15 18:45:48
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500JB-00REA0 rev.20.00K20
Running: 07jrgsbq.exe; Driver: C:\DOCUME~1\Pawel\USTAWI~1\Temp\pwldrkoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA94978B2]
SSDT B9E58CFC ZwClose
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xA9496E48]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xA9497518]
SSDT B9E58CB6 ZwCreateKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xA9496D28]
SSDT B9E58D06 ZwCreateSection
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA949A568]
SSDT B9E58CAC ZwCreateThread
SSDT B9E58CBB ZwDeleteKey
SSDT B9E58CC5 ZwDeleteValueKey
SSDT B9E58CF7 ZwDuplicateObject
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xA9498864]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xA9498ABA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xA9499BF0]
SSDT B9E58CCA ZwLoadKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xA9497110]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xA94976F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xA9498116]
SSDT B9E58C98 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xA94973B4]
SSDT B9E58C9D ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xA9498CC8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xA949911C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xA9498EDA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xA949867C]
SSDT B9E58CD4 ZwReplaceKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xA949968C]
SSDT B9E58CCF ZwRestoreKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xA9499940]
SSDT B9E58D0B ZwSetContextThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xA9497EEE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xA9499EE8]
SSDT B9E58CC0 ZwSetValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xA949707A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xA94972A0]
SSDT B9E58CA7 ZwTerminateProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xA9496918]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 169 804E27C5 3 Bytes [88, 49, A9] {MOV [ECX-0x57], CL}
.text ntoskrnl.exe!_abnormal_termination + 40C 804E2A68 4 Bytes [E8, 9E, 49, A9]
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xB9C3DE1E]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB97BB000, 0x1C5D38, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA6940300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xA91A7300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[632] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[632] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 10028AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[632] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 10028860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[632] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[632] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[632] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[632] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[632] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[644] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[644] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[644] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[644] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[644] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[644] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[644] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[644] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[648] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 008CCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[648] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 008D5680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[648] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 008CCF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008D26F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008D3280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[648] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 008DDF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[648] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 008D1220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[648] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 008D1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[648] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 008DE410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[648] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 008DE1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[832] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[832] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[832] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[832] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[832] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[832] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[832] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[832] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[852] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[852] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[884] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[884] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[884] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[884] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[884] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[884] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[884] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[884] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[908] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[908] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[948] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[948] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[948] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[948] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[948] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[948] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[948] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[948] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[980] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[980] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[980] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[980] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[980] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[980] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[980] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[980] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[988] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 005190B0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[988] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 00531040 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1044] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1044] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1108] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1108] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1108] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1108] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1108] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1108] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1108] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1108] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1112] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1112] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1112] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1112] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1112] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1112] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1136] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1136] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1136] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1136] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1136] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1136] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1136] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1136] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\PixArt\PAC207\Monitor.exe[1148] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\PixArt\PAC207\Monitor.exe[1148] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\PixArt\PAC207\Monitor.exe[1148] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\PixArt\PAC207\Monitor.exe[1148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\PixArt\PAC207\Monitor.exe[1148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\PixArt\PAC207\Monitor.exe[1148] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\PixArt\PAC207\Monitor.exe[1148] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\PixArt\PAC207\Monitor.exe[1148] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\PixArt\PAC207\Monitor.exe[1148] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\PixArt\PAC207\Monitor.exe[1148] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1236] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 0074CB10 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1284] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1284] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1284] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1284] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1284] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1284] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1284] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1284] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1376] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1376] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[1384] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[1384] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[1384] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[1384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[1384] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[1384] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[1384] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[1384] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[1384] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1484] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1484] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1484] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text
C:\WINDOWS\system32\spoolsv.exe[1484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1484] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1484] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1484] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1484] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1484] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] kernel32.dll!CreateProcessA 7C80236B 5 Bytes 
JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1608] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1608] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1608] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1608] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1608] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1608] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 
Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1608] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1608] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1736] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1736] 
ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1768] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1768] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1768] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1768] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1768] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1768] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1768] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1768] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program 
Files\Java\jre6\bin\jqs.exe[1844] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1844] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1844] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1844] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1844] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1844] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1844] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1844] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1924] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 0099CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1924] ntdll.dll!LdrLoadDll 
7C9163A3 5 Bytes JMP 009A5680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1924] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0099CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009A26F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009A3280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1924] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 009A1220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1924] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 009A1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1924] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 009ADF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1924] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 009AE410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1924] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 009AE1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2000] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2000] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2000] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2000] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2000] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2000] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2000] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2000] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2028] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2028] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2028] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2028] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2028] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2028] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2028] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[2028] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Pawel\Moje dokumenty\07jrgsbq.exe[2064] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Pawel\Moje dokumenty\07jrgsbq.exe[2064] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Pawel\Moje dokumenty\07jrgsbq.exe[2064] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Pawel\Moje dokumenty\07jrgsbq.exe[2064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and 
Settings\Pawel\Moje dokumenty\07jrgsbq.exe[2064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Pawel\Moje dokumenty\07jrgsbq.exe[2064] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Pawel\Moje dokumenty\07jrgsbq.exe[2064] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Pawel\Moje dokumenty\07jrgsbq.exe[2064] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Pawel\Moje dokumenty\07jrgsbq.exe[2064] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Pawel\Moje dokumenty\07jrgsbq.exe[2064] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Program Files\Opera\opera.exe[2100] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 10027AF0 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 
10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ole32.dll!CoCreateInstanceEx 774F0526 5 
Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Opera\opera.exe[2100] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program 
Files\Skype\Phone\Skype.exe[2452] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!VirtualProtect 7C801AD4 5 
Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!CopyFileExA 7C85F2CC 5 
Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] wininet.dll!InternetConnectA 63019446 5 Bytes JMP 100279D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] wininet.dll!InternetConnectW 6301F4E2 5 Bytes JMP 100279B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] shell32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] shell32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] shell32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] shell32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) 
.text C:\Program Files\Skype\Phone\Skype.exe[2452] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2452] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3072] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3072] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3072] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3072] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3072] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3072] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3072] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3072] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) 
.text C:\WINDOWS\System32\alg.exe[3524] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3524] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3524] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3524] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3524] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3524] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3524] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[3524] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\msiexec.exe[3588] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\msiexec.exe[3588] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\msiexec.exe[3588] 
ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\msiexec.exe[3588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\msiexec.exe[3588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\msiexec.exe[3588] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\msiexec.exe[3588] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\msiexec.exe[3588] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\msiexec.exe[3588] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\msiexec.exe[3588] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT 
\SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys 
(COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F74287B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F74287F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7428750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7428820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBB 0xE9 0xA8 0x0D ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x88 0xB1 0x25 0x4F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0xA2 0xB4 0x1B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0E 0x58 0x07 0x11 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x52 0xE4 0x8F 0xA3 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0x1B 0x58 0x3C ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD4 0x75 0x59 0x4E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0xBA 0x7C 0x77 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBB 0xE9 0xA8 0x0D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x88 0xB1 0x25 0x4F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0xA2 0xB4 0x1B ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0E 0x58 0x07 0x11 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x52 0xE4 0x8F 0xA3 ... ---- EOF - GMER 1.0.15 ----