GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-09-12 17:05:41 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 Hitachi_HTS541612J9SA00 rev.SBDOC70P Running: 47y8ogbf.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\ugtdypow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB65E58B2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB65E4E48] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB65E5518] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB65E6126] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB65E4D28] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB65E81E0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB65E8568] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB65E4714] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB65E5A9E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB65E5C9E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB65E451A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB65E6864] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB65E6ABA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB65E7BF0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB65E5110] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB65E56F4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xB65E6116] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB65E4148] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB65E53B4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB65E434C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB65E6CC8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB65E711C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xB65E6EDA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB65E667C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB65E768C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB65E7940] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB65E5EEE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB65E7EE8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB65E63F4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB65E507A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB65E52A0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB65E4B2A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB65E4918] INT 0x71 ? 8A5E4CB8 INT 0x73 ? 8A7C4CB8 INT 0x82 ? 8A7C4CB8 INT 0x84 ? 8A5E4CB8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2C10 805044AC 2 Bytes [B2, 58] {MOV DL, 0x58} .text ntkrnlpa.exe!ZwCallbackReturn + 2FA4 80504840 4 Bytes CALL 9906A6C3 .text sptd.sys B9E92000 28 Bytes [30, 78, 6E, 80, A6, CB, 6E, ...] .text sptd.sys B9E9201D 3 Bytes [79, 6E, 80] .text sptd.sys B9E92024 120 Bytes [D8, 52, 53, 80, 68, B9, 54, ...] .text sptd.sys B9E9209D 124 Bytes [97, 53, 80, A0, 98, 53, 80, ...] .text sptd.sys B9E9211A 178 Bytes [4F, 80, 82, F8, 4E, 80, 3E, ...] .text ... .sptd2 C:\windows\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB9F3C9E3] ? C:\windows\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text C:\windows\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8F3D360, 0x2255BD, 0xE8000020] .text USBPORT.SYS!DllUnload B8EFE8AC 5 Bytes JMP 8A5E41C8 ---- User code sections - GMER 1.0.15 ---- .text C:\windows\system32\svchost.exe[272] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[272] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[272] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[272] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[272] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[272] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[620] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[620] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[620] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[620] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[620] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[620] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[776] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[776] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[776] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[776] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\HControl.exe[980] ntdll.dll!NtClose 7C90CFEE 3 Bytes JMP 0091CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\HControl.exe[980] ntdll.dll!NtClose + 4 7C90CFF2 1 Byte [84] .text C:\WINDOWS\ATK0100\HControl.exe[980] ntdll.dll!LdrLoadDll 7C91632D 3 Bytes JMP 00925680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\HControl.exe[980] ntdll.dll!LdrLoadDll + 4 7C916331 1 Byte [84] .text C:\WINDOWS\ATK0100\HControl.exe[980] ntdll.dll!LdrUnloadDll 7C9171CD 3 Bytes JMP 0091CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\HControl.exe[980] ntdll.dll!LdrUnloadDll + 4 7C9171D1 1 Byte [84] .text C:\WINDOWS\ATK0100\HControl.exe[980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\HControl.exe[980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00923280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\HControl.exe[980] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0092E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\HControl.exe[980] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0092E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\HControl.exe[980] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00921220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\HControl.exe[980] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00921B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\HControl.exe[980] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0092DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[1064] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[1064] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10028AC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[1064] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 10028860 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[1064] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[1064] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[1064] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[1064] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[1064] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[1076] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[1076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[1076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[1076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[1076] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[1076] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[1076] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[1076] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[1076] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\ATKOSD.exe[1140] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\ATKOSD.exe[1140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\ATKOSD.exe[1140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\ATKOSD.exe[1140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\ATKOSD.exe[1140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\ATKOSD.exe[1140] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\ATKOSD.exe[1140] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\ATK0100\ATKOSD.exe[1140] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1244] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1244] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1244] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1244] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1244] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1244] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1244] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1280] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1280] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1280] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1280] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1280] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1280] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1296] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1296] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1296] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1296] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1296] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1296] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1336] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005190B0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1336] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00531040 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1364] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1364] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1364] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1364] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1364] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1364] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1364] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1364] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1444] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1444] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1444] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1444] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1444] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1444] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1444] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1444] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[1512] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 009CCE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[1512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009D5680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[1512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009CCF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[1512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009D26F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[1512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009D3280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[1512] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 009D1220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[1512] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 009D1B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[1512] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 009DDF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[1512] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 009DE410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[1512] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 009DE1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1520] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1520] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1520] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1520] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1520] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1520] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1520] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[1528] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[1528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[1528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[1528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[1528] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[1528] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[1528] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[1528] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Winamp\winampa.exe[1548] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Winamp\winampa.exe[1548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Winamp\winampa.exe[1548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Winamp\winampa.exe[1548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Winamp\winampa.exe[1548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Winamp\winampa.exe[1548] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Winamp\winampa.exe[1548] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Winamp\winampa.exe[1548] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Winamp\winampa.exe[1548] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Winamp\winampa.exe[1548] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\nvsvc32.exe[1568] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\nvsvc32.exe[1568] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\nvsvc32.exe[1568] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\nvsvc32.exe[1568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\nvsvc32.exe[1568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\nvsvc32.exe[1568] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\nvsvc32.exe[1568] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\nvsvc32.exe[1568] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1612] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1612] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1612] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1612] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1612] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1612] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1612] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1612] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1628] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1628] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1628] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1628] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1628] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1628] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1628] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1628] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\rundll32.exe[1676] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\rundll32.exe[1676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\rundll32.exe[1676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\rundll32.exe[1676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\rundll32.exe[1676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\rundll32.exe[1676] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\rundll32.exe[1676] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\rundll32.exe[1676] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\rundll32.exe[1676] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\rundll32.exe[1676] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0074CB10 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1812] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1812] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1812] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1812] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1812] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1812] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\spoolsv.exe[1952] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\spoolsv.exe[1952] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\spoolsv.exe[1952] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\spoolsv.exe[1952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\spoolsv.exe[1952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\spoolsv.exe[1952] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\spoolsv.exe[1952] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\spoolsv.exe[1952] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\spoolsv.exe[1952] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\spoolsv.exe[1952] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[2000] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0068CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[2000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00695680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[2000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0068CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[2000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006926F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[2000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00693280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[2000] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0069DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[2000] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 3 Bytes JMP 00691220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[2000] ADVAPI32.dll!CreateProcessAsUserW + 4 77DDA8AD 1 Byte [88] .text C:\WINDOWS\system32\acs.exe[2000] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00691B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[2000] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0069E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\acs.exe[2000] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0069E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\UAService7.exe[2052] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\UAService7.exe[2052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\UAService7.exe[2052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\UAService7.exe[2052] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\UAService7.exe[2052] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\UAService7.exe[2052] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\UAService7.exe[2052] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\UAService7.exe[2052] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\ctfmon.exe[2072] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\ctfmon.exe[2072] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\ctfmon.exe[2072] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\ctfmon.exe[2072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\ctfmon.exe[2072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\ctfmon.exe[2072] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\ctfmon.exe[2072] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\ctfmon.exe[2072] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\ctfmon.exe[2072] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\ctfmon.exe[2072] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2180] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2180] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2180] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2180] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2180] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2180] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2212] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2212] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2212] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2212] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2212] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wuauclt.exe[2220] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wuauclt.exe[2220] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wuauclt.exe[2220] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wuauclt.exe[2220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wuauclt.exe[2220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wuauclt.exe[2220] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wuauclt.exe[2220] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wuauclt.exe[2220] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wuauclt.exe[2220] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wuauclt.exe[2220] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2304] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2304] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2304] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2304] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2304] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2304] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2304] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ACEngSvr.exe[2496] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ACEngSvr.exe[2496] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ACEngSvr.exe[2496] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ACEngSvr.exe[2496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ACEngSvr.exe[2496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ACEngSvr.exe[2496] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ACEngSvr.exe[2496] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ACEngSvr.exe[2496] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ACEngSvr.exe[2496] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ACEngSvr.exe[2496] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2580] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2580] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2580] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2580] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2580] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2580] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2720] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2720] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2720] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2720] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2720] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\HidFind.exe[2736] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\HidFind.exe[2736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\HidFind.exe[2736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\HidFind.exe[2736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\HidFind.exe[2736] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\HidFind.exe[2736] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\HidFind.exe[2736] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\HidFind.exe[2736] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\HidFind.exe[2736] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\HidFind.exe[2736] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\47y8ogbf.exe[2792] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\47y8ogbf.exe[2792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\47y8ogbf.exe[2792] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\47y8ogbf.exe[2792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\47y8ogbf.exe[2792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\47y8ogbf.exe[2792] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\47y8ogbf.exe[2792] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\47y8ogbf.exe[2792] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apvfb.exe[2912] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apvfb.exe[2912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apvfb.exe[2912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apvfb.exe[2912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apvfb.exe[2912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apvfb.exe[2912] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apvfb.exe[2912] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apvfb.exe[2912] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3956] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3956] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3956] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3956] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3956] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3956] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3964] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3964] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3964] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3964] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DF90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3964] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E410 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3964] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \windows\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9E9420E] sptd.sys IAT \windows\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9E9370C] sptd.sys IAT \windows\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9E93EEE] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9E9370C] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9E938F0] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9E93832] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9E940CC] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9E93EEE] sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EA7F56] sptd.sys IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9D08750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9D08820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9D087F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9D087B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9D087B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9D08820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9D08750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9D087F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9D087F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9D087B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9D08820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9D08750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9D087B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9D087F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9D08750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9D08820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9D08750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9D08820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9D087B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9D087F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9D087B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9D08820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9D08750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B9D08750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B9D08820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B9D087F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B9D087B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [B9D08820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [B9D087B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [B9D08750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [B9D087F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9D087B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9D087F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9D08750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9D08820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0063B970] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [0063AFD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [0063B9F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0063AFD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [0063B9F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0063AFD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0063AFD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [0063B9F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0063AFD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [0063A730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [0063B9F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0063B930] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0063B970] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0063AFD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [0063AB30] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [0063ABC0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [0063A6D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [0063B060] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [0063B120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW] [0063B360] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [0063A9F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [0063AA90] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [0063B1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [GDI32.dll!DeleteObject] [0063A730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [0063B9F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [0063AFD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0063B970] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0063B930] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [0063B4A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [0063AB30] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [0063B1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [0063A6D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [0063ABC0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [USER32.dll!RegisterClassW] [0063B120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [0063A780] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [USER32.dll!FillRect] [0063B5E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [0063B6B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [USER32.dll!DrawEdge] [0063B660] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [0063B360] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0063A980] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [0063A9F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0063A870] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ole32.dll [GDI32.dll!DeleteObject] [0063A730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ole32.dll [KERNEL32.dll!CreateThread] [0063AFD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0063B970] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0063B930] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [0063B360] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ole32.dll [USER32.dll!GetSystemMetrics] [0063B1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ole32.dll [USER32.dll!GetSysColor] [0063A6D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [0063A9F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ole32.dll [USER32.dll!RegisterClassW] [0063B120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [0063ABC0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [0063AFD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0063B930] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!CreateThread] [0063AFD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\USERENV.dll [USER32.dll!GetSystemMetrics] [0063B1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0063B930] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0063B970] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [0063AFD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [0063B9F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1764] @ C:\windows\system32\CRYPT32.dll [USER32.dll!GetSystemMetrics] [0063B1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A7C31E8 AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\usbohci \Device\USBPDO-0 8A5171E8 Device \Driver\usbehci \Device\USBPDO-1 8A5131E8 AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\Cdrom \Device\CdRom0 8A5D71E8 Device \Driver\atapi \Device\Ide\IdePort0 [B9DFDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 [B9DFDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9DFDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B9DFDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B9DFDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 [B9DFDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBT_Tcpip_{C0E0612B-3CD8-493A-9284-46FD7A8C509B} 8A2FF430 Device \Driver\NetBT \Device\NetBt_Wins_Export 8A2FF430 Device \Driver\NetBT \Device\NetbiosSmb 8A2FF430 AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\NetBT \Device\NetBT_Tcpip_{186C3C51-D102-4FAC-A366-48FEF73FC464} 8A2FF430 Device \Driver\usbohci \Device\USBFDO-0 8A5171E8 Device \Driver\usbehci \Device\USBFDO-1 8A5131E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A30B430 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A30B430 Device \FileSystem\Cdfs \Cdfs 8A461430 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x86 0xB3 0x89 0x1C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x86 0xB3 0x89 0x1C ... ---- Files - GMER 1.0.15 ---- File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes ---- EOF - GMER 1.0.15 ----