GMER 2.1.19081 - http://www.gmer.net
Rootkit scan 2013-02-24 01:25:18
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6025GAS rev.KA200K 55,89GB
Running: xrdpqcdf.exe; Driver: C:\DOCUME~1\KOZAKI~1\USTAWI~1\Temp\awtorfob.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAA494F42]
SSDT 827F9C90 ZwAssignProcessToJobObject
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xAA494464]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAA494AFE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xAA4954BE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xAA494142]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xAA4961CA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xAA4964A2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xAA493D08]
SSDT 827FA200 ZwDebugActiveProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xAA495128]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xAA4952D8]
SSDT 827FA2F0 ZwDuplicateObject
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xAA495E4C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xAA4946E8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xAA494D36]
SSDT 827F9590 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xAA494978]
SSDT 827F9800 ZwOpenThread
SSDT 827F9FD0 ZwProtectVirtualMemory
SSDT 827FA0E0 ZwQueueApcThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xAA495884]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xAA494260]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xAA495BE8]
SSDT 827F9EC0 ZwSetContextThread
SSDT 827F9D90 ZwSetInformationThread
SSDT 827F6DA0 ZwSetSecurityObject
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xAA495FFA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xAA495684]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xAA494682]
SSDT 827F9B90 ZwSuspendProcess
SSDT 827F9A80 ZwSuspendThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xAA49486C]
SSDT 827F96E0 ZwTerminateProcess
SSDT 827F9A50 ZwTerminateThread
SSDT 827FA6D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!_abnormal_termination + 1F0 804E285C 4 Bytes CALL ABF871A7
.text ntoskrnl.exe!_abnormal_termination + 394 804E2A00 4 Bytes CALL BFF87360
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [90, 9B, 7F, 82, 80, 9A, 7F, ...] {NOP ; WAIT ; JG 0xffffff86; SBB BYTE [EDX+0x486c827f], 0x49; STOSB }

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Apoint2K\Apoint.exe[148] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apoint.exe[148] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apoint.exe[148] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apoint.exe[148] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apoint.exe[148] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apoint.exe[148] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apoint.exe[148] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apoint.exe[148] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apoint.exe[148] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apoint.exe[148] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[168] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 009A8530 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009A4430 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[168] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009A8460 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[168] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 009A1480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[168] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 009A1640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[168] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 009A1000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[168] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 009A1250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[168] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 009A8100 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[168] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 009A7E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[168] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 009A7F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[172] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[172] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[172] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[172] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[172] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[172] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[172] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[172] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[180] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A28530 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A24430 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00A28460 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[180] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 00A21480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[180] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 00A21640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[180] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 00A21000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[180] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 00A21250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[180] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00A28100 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[180] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 00A27E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[180] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 00A27F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TCtrlIOHook.exe[188] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00988530 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TCtrlIOHook.exe[188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00984430 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TCtrlIOHook.exe[188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00988460 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TCtrlIOHook.exe[188] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 00981480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TCtrlIOHook.exe[188] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 00981640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TCtrlIOHook.exe[188] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 00981000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TCtrlIOHook.exe[188] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 00981250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TCtrlIOHook.exe[188] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00988100 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TCtrlIOHook.exe[188] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 00987E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TCtrlIOHook.exe[188] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 00987F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[196] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00988530 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00984430 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[196] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00988460 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[196] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00988100 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[196] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 00981480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[196] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 00981640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[196] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 00981000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[196] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 00981250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[196] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 00987E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[196] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 00987F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSMain.exe[208] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A98530 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSMain.exe[208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A94430 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSMain.exe[208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00A98460 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSMain.exe[208] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 00A91480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSMain.exe[208] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 00A91640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSMain.exe[208] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 00A91000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSMain.exe[208] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 00A91250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSMain.exe[208] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00A98100 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSMain.exe[208] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 00A97E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSMain.exe[208] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 00A97F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[228] ntdll.dll!NtClose 7C90CFEE 3 Bytes JMP 00918530 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[228] ntdll.dll!NtClose + 4 7C90CFF2 1 Byte [84]
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00914430 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[228] ntdll.dll!LdrUnloadDll 7C9171CD 3 Bytes JMP 00918460 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[228] ntdll.dll!LdrUnloadDll + 4 7C9171D1 1 Byte [84]
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[228] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00918100 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[228] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 00911480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[228] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 00911640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[228] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 00911000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[228] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 00911250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[228] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 00917E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[228] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 00917F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ZoomingHook.exe[248] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ZoomingHook.exe[248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ZoomingHook.exe[248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ZoomingHook.exe[248] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ZoomingHook.exe[248] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ZoomingHook.exe[248] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ZoomingHook.exe[248] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ZoomingHook.exe[248] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ZoomingHook.exe[248] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ZoomingHook.exe[248] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[280] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 01058530 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01054430 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 01058460 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[280] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 01058100 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[280] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 01051480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[280] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 01051640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[280] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 01051000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[280] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 01051250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[280] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 01057E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[280] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 01057F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[288] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00968530 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00964430 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[288] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00968460 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[288] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00968100 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[288] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 00961480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[288] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 00961640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[288] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 00961000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[288] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 00961250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[288] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 00967E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[288] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 00967F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[312] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[312] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[312] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[312] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[312] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[312] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[312] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[312] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[312] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[312] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\Winampa.exe[324] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\Winampa.exe[324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\Winampa.exe[324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\Winampa.exe[324] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\Winampa.exe[324] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\Winampa.exe[324] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\Winampa.exe[324] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\Winampa.exe[324] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\Winampa.exe[324] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\Winampa.exe[324] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apntex.exe[340] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apntex.exe[340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apntex.exe[340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apntex.exe[340] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apntex.exe[340] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apntex.exe[340] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apntex.exe[340] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apntex.exe[340] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apntex.exe[340] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Apoint2K\Apntex.exe[340] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00938530 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00934430 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00938460 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00938100 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 00931480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 00931640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 00931000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 00931250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[456] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 00937E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[456] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 00937F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[464] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[464] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[464] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[464] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[464] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[464] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[464] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[464] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[520] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[520] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[520] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[520] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[520] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[520] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[520] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[520] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[520] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\notepad.exe[556] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\notepad.exe[556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\notepad.exe[556] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\notepad.exe[556] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\notepad.exe[556] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\notepad.exe[556] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\notepad.exe[556] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\notepad.exe[556] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\notepad.exe[556] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\notepad.exe[556] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Samsung\AllShare\AllShareAgent.exe[600] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Samsung\AllShare\AllShareAgent.exe[600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Samsung\AllShare\AllShareAgent.exe[600] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Samsung\AllShare\AllShareAgent.exe[600] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Samsung\AllShare\AllShareAgent.exe[600] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Samsung\AllShare\AllShareAgent.exe[600] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Samsung\AllShare\AllShareAgent.exe[600] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Samsung\AllShare\AllShareAgent.exe[600] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Samsung\AllShare\AllShareAgent.exe[600] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Samsung\AllShare\AllShareAgent.exe[600] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[644] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[644] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[644] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[644] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[644] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[644] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[644] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[644] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[656] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[656] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[656] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[656] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[656] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[656] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[656] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[656] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSBattM.exe[720] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00978530 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSBattM.exe[720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00974430 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSBattM.exe[720] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00978460 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSBattM.exe[720] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00978100 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSBattM.exe[720] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 00971480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSBattM.exe[720] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 00971640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSBattM.exe[720] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 00971000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSBattM.exe[720] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 00971250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSBattM.exe[720] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 00977E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TPSBattM.exe[720] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 00977F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[796] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[796] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[796] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[796] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[796] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[796] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[808] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[808] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[808] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[808] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[976] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[976] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[976] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1000] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1000] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1056] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1056] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1100] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1100] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1100] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1100] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1100] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1100] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1100] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1100] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1128] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 009A8530 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009A4430 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009A8460 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1128] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 009A1480 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1128] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 009A1640 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1128] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 009A1000 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1128] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 009A1250 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1128] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 009A8100 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1128] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 009A7E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1128] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 009A7F90 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1180] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1180] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1352] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1352] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1352] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1352] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1352] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1352] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1352] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1352] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1352] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4061466C C:\WINDOWS\system32\IEFRAME.dll (Internet 
Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1368] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A75C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1480] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1480] 
ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1480] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1480] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1480] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1480] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1480] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1480] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1480] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1776] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1776] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1776] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1776] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1776] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1776] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1776] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1776] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1800] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 
10004430 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1800] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1800] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1800] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1800] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1800] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1800] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1800] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Raxco\PerfectDisk\PDAgent.exe[1856] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00C68530 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Raxco\PerfectDisk\PDAgent.exe[1856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C64430 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Raxco\PerfectDisk\PDAgent.exe[1856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00C68460 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Raxco\PerfectDisk\PDAgent.exe[1856] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 00C61480 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Raxco\PerfectDisk\PDAgent.exe[1856] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 00C61640 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Raxco\PerfectDisk\PDAgent.exe[1856] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 00C61000 C:\WINDOWS\system32\guard32.dll .text C:\Program 
Files\Raxco\PerfectDisk\PDAgent.exe[1856] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 00C61250 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Raxco\PerfectDisk\PDAgent.exe[1856] USER32.dll!EndTask 7E3AA0A5 3 Bytes JMP 00C68100 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Raxco\PerfectDisk\PDAgent.exe[1856] USER32.dll!EndTask + 4 7E3AA0A9 1 Byte [82] .text C:\Program Files\Raxco\PerfectDisk\PDAgent.exe[1856] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 00C67E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Raxco\PerfectDisk\PDAgent.exe[1856] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 00C67F90 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1924] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1924] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1924] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1924] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1924] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1924] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1924] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1924] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text 
C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[1944] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[1944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[1944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[1944] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[1944] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[1944] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[1944] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[1944] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[1944] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[1944] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Installer\MSI1A7E.tmp[2084] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Installer\MSI1A7E.tmp[2084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Installer\MSI1A7E.tmp[2084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\Installer\MSI1A7E.tmp[2084] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Installer\MSI1A7E.tmp[2084] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Installer\MSI1A7E.tmp[2084] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Installer\MSI1A7E.tmp[2084] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Installer\MSI1A7E.tmp[2084] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Installer\MSI1A7E.tmp[2084] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Installer\MSI1A7E.tmp[2084] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\OTL.exe[2104] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\OTL.exe[2104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\OTL.exe[2104] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\OTL.exe[2104] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\OTL.exe[2104] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\OTL.exe[2104] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\OTL.exe[2104] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\Documents 
and Settings\Kozakiewicz\Pulpit\OTL.exe[2104] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\OTL.exe[2104] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\OTL.exe[2104] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[2140] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[2140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[2140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[2140] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[2140] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[2140] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[2140] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[2140] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[2140] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[2140] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[2200] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[2200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll 
.text C:\WINDOWS\system32\wuauclt.exe[2200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[2200] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[2200] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[2200] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[2200] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[2200] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[2200] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[2200] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2208] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2208] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2208] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2208] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2208] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\wdfmgr.exe[2208] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2208] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2208] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\DllHost.exe[2392] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\DllHost.exe[2392] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\DllHost.exe[2392] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\DllHost.exe[2392] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\DllHost.exe[2392] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\DllHost.exe[2392] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\DllHost.exe[2392] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\DllHost.exe[2392] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\DllHost.exe[2392] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\DllHost.exe[2392] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\xrdpqcdf.exe[3004] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\xrdpqcdf.exe[3004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text 
C:\Documents and Settings\Kozakiewicz\Pulpit\xrdpqcdf.exe[3004] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\xrdpqcdf.exe[3004] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\xrdpqcdf.exe[3004] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\xrdpqcdf.exe[3004] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\xrdpqcdf.exe[3004] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\xrdpqcdf.exe[3004] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\xrdpqcdf.exe[3004] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Kozakiewicz\Pulpit\xrdpqcdf.exe[3004] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[3024] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[3024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[3024] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[3024] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[3024] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[3024] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 
10001000 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[3024] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[3024] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[3024] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[3024] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3528] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3528] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3528] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3528] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3528] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3528] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3528] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3528] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3700] 
ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3700] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3700] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3700] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3700] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3700] 
USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3700] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3700] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3800] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008530 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004430 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 10008460 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3800] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10008100 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3800] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3800] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3800] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 
C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3800] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3800] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007E10 C:\WINDOWS\System32\guard32.dll .text C:\WINDOWS\System32\alg.exe[3800] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007F90 C:\WINDOWS\System32\guard32.dll ---- Kernel IAT/EAT - GMER 2.1 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F847D710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F847D770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F847D990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F847D950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F847D950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F847D770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F847D710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F847D990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F847D990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F847D950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT 
\SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F847D770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F847D710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F847D950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F847D990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F847D710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F847D770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F847D710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F847D770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F847D950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F847D990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F847D950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F847D770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F847D710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [F847D770] inspect.sys (COMODO Internet 
Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [F847D950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [F847D710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [F847D990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F847D950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F847D990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F847D710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F847D770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00618BA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [00618BF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00618B10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ADVAPI32.dll 
[KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00618B10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00618B10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 
[00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [00618BF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [00618BF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program 
Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteObject] [00617C30] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [00618BF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00618B10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00618BA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00618B50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [006188F0] C:\Program Files\COMODO\COMODO 
Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [00618010] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [006186C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [00617BE0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [006180A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW] [00618600] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [00617C70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!FillRect] [00618A00] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [00618A70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge] [00618A50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [006187E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program 
Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [00617E60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [00617ED0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [00617D50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [00617C30] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [00618BF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00618B50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00618BA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00618B10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet 
Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [00618010] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [006180A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [00617BE0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [00618540] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [00618600] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW] [006187E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [00617ED0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [00617F70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [006186C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ 
C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [00617C30] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00618B10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00618BA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00618B50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [006187E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSystemMetrics] [006186C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [00617BE0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [00617ED0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [00618600] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [006180A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00618B10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00618B50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00618BA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [00618BF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!GetSystemMetrics] [006186C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[472] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
IAT C:\Program Files\Internet Explorer\iexplore.exe[1368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----