GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-21 13:58:17
Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP2014N rev.VC100-41 186.31GB
Running: gmer 2.2.exe; Driver: C:\DOCUME~1\MAŁGOSIA\USTAWI~1\Temp\kxtdapod.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0xAAF4479A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0xAAF43D46]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0xAAF44400]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateKey [0xAAF44FA4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0xAAF46ABC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0xAAF46E3A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0xAAF43732]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteKey [0xAAF44986]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteValueKey [0xAAF44B7A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDuplicateObject [0xAAF43538]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateKey [0xAAF456C6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateValueKey [0xAAF4591C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0xAAF464EE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0xAAF4400E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0xAAF445DC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenKey [0xAAF44F94]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenProcess [0xAAF43166]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0xAAF442A8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenThread [0xAAF4336A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryKey [0xAAF45B2A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryMultipleValueKey [0xAAF45F7E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryValueKey [0xAAF45D3C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRenameKey [0xAAF454DE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSecurityObject [0xAAF44DB6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0xAAF467DA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetValueKey [0xAAF45266]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0xAAF43F78]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0xAAF44194]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0xAAF43B48]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0xAAF43936]

INT 0x62 ? 82FD5CC8
INT 0x82 ? 82FD5CC8
INT 0x94 ? 829B3F00
INT 0x94 ? 829B3F00
INT 0x94 ? 829B3F00
INT 0x94 ? 829B3F00
INT 0x94 ? 829B3F00
INT 0x94 ? 829B3F00
INT 0xB1 ? 82FAACC8
INT 0xB1 ? 82FAACC8
INT 0xB4 ? 82FAACC8

---- Kernel code sections - GMER 2.1 ----

.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF854A346]
? C:\WINDOWS\System32\Drivers\ac7yikqy.SYS suspicious PE modification
?
C:\WINDOWS\System32\Drivers\aawxgrsj.SYS suspicious PE modification ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\spoolsv.exe[308] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[308] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\spoolsv.exe[308] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[308] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[308] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[308] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[308] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[308] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[308] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[308] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[308] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[308] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[308] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[308] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[344] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[344] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\Explorer.EXE[344] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[344] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[344] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[344] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[344] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[344] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[344] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[344] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[344] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[344] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[344] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[344] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\VIA\RAID\raid_tool.exe[548] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 003AD060 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\VIA\RAID\raid_tool.exe[548] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [AA, 83] .text C:\Program Files\VIA\RAID\raid_tool.exe[548] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 003BBB20 C:\WINDOWS\system32\guard32.dll .text 
C:\Program Files\VIA\RAID\raid_tool.exe[548] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 003BB800 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\VIA\RAID\raid_tool.exe[548] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003B7DD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\VIA\RAID\raid_tool.exe[548] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 003AD180 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\VIA\RAID\raid_tool.exe[548] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003B4F10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\VIA\RAID\raid_tool.exe[548] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003B5AA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\VIA\RAID\raid_tool.exe[548] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 003B8BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\VIA\RAID\raid_tool.exe[548] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 003B9CA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\VIA\RAID\raid_tool.exe[548] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 003B8970 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\VIA\RAID\raid_tool.exe[548] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 003B9BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\VIA\RAID\raid_tool.exe[548] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 003B3A40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\VIA\RAID\raid_tool.exe[548] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 003B4370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[596] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[596] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\SOUNDMAN.EXE[596] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[596] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll 
.text C:\WINDOWS\SOUNDMAN.EXE[596] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[596] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[596] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[596] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[596] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[596] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[596] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[596] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[596] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[596] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[664] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[664] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[664] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[664] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[664] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[664] 
ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[664] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[664] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[664] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[664] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[664] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[664] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[664] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[664] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[688] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0076BD10 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe .text C:\WINDOWS\system32\ctfmon.exe[712] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[712] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\ctfmon.exe[712] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[712] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[712] 
ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[712] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[712] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[712] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[712] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[712] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[712] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[712] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\wcescomm.exe[752] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\wcescomm.exe[752] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text D:\PROGRA~1\MICROS~1\wcescomm.exe[752] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\wcescomm.exe[752] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\wcescomm.exe[752] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\wcescomm.exe[752] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 
C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\wcescomm.exe[752] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\wcescomm.exe[752] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\wcescomm.exe[752] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\wcescomm.exe[752] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\wcescomm.exe[752] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\wcescomm.exe[752] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\wcescomm.exe[752] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\wcescomm.exe[752] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\rapimgr.exe[788] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\rapimgr.exe[788] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text D:\PROGRA~1\MICROS~1\rapimgr.exe[788] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\rapimgr.exe[788] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\rapimgr.exe[788] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\rapimgr.exe[788] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\rapimgr.exe[788] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text 
D:\PROGRA~1\MICROS~1\rapimgr.exe[788] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\rapimgr.exe[788] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\rapimgr.exe[788] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\rapimgr.exe[788] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\rapimgr.exe[788] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\rapimgr.exe[788] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text D:\PROGRA~1\MICROS~1\rapimgr.exe[788] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] 
ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 
Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1036] RPCRT4.dll!RpcServerRegisterIfEx 77E90D13 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1036] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1036] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1036] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1036] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\csrss.exe[1052] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll .text C:\WINDOWS\system32\csrss.exe[1052] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll .text C:\WINDOWS\system32\services.exe[1132] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1132] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\services.exe[1132] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1132] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1132] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1132] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1132] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1132] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1132] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1132] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1132] RPCRT4.dll!RpcServerRegisterIfEx 77E90D13 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1132] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1132] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1132] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1132] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1144] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1144] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\lsass.exe[1144] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1144] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1144] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1144] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\lsass.exe[1144] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1144] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1144] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1144] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1144] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1144] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1300] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1300] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\Ati2evxx.exe[1300] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1300] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1300] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1300] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1300] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1300] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1300] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1300] GDI32.dll!CreateDCA 
77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1300] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1300] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1300] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1300] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] RPCRT4.dll!RpcServerRegisterIfEx 77E90D13 
5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1316] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] 
GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1380] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1380] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1380] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1380] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1380] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1380] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1380] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1380] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1380] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft 
Shared\VS7DEBUG\MDM.EXE[1380] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1380] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1380] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1380] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1380] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1416] 
ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1416] RPCRT4.dll!RpcServerRegisterIfEx 77E90D13 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1416] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1416] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1416] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1416] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1416] rpcss.dll!WhichService 76A63CAC 8 Bytes JMP ED301001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1448] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00526240 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1448] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0053F8A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] RPCRT4.dll!RpcServerRegisterIfEx 77E90D13 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1488] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1600] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1600] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1600] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1600] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1600] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1600] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1600] 
kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1600] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1600] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1600] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1600] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1600] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1600] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1644] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1644] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1644] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1644] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1644] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1644] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1644] 
kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1644] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1644] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1644] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1644] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1644] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1644] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1644] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1776] 
kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1776] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1776] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1776] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1776] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1776] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1776] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1776] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateProcessA 7C802367 5 Bytes 
JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1808] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1808] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1808] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1808] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1976] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1976] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\Ati2evxx.exe[1976] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1976] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1976] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1976] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1976] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1976] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1976] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll 
.text C:\WINDOWS\system32\Ati2evxx.exe[1976] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1976] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1976] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1976] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1976] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2304] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2304] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\System32\alg.exe[2304] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2304] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2304] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2304] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2304] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2304] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2304] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2304] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2304] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2304] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2304] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2304] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\gmer 2.2.exe[2368] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\gmer 2.2.exe[2368] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\gmer 2.2.exe[2368] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\gmer 2.2.exe[2368] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\gmer 2.2.exe[2368] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\gmer 2.2.exe[2368] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\gmer 2.2.exe[2368] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\gmer 2.2.exe[2368] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\gmer 2.2.exe[2368] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\gmer 2.2.exe[2368] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\gmer 2.2.exe[2368] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\gmer 2.2.exe[2368] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text C:\gmer 2.2.exe[2368] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\gmer 2.2.exe[2368] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2656] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2656] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2656] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2656] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2656] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2656] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2656] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2656] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2656] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2656] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2656] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2656] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2656] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2656] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] 
ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002AD00 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002A3D0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002A380 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002ACC0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] 
ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002A690 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002A420 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002AC80 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002ABC0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002A960 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002AC60 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002A9A0 C:\WINDOWS\system32\guard32.dll .text D:\Program 
Files\Opera\Opera.exe[2728] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002AA00 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002AA20 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll .text D:\Program 
Files\Opera\Opera.exe[2728] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002A980 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002A8E0 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002A900 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002A940 C:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\Opera.exe[2728] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002A920 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3544] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3544] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3544] 
ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3544] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3544] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3544] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3544] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3544] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3544] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3544] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3544] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3544] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3544] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3544] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Fastfat \FatCdrom 82FA51F8 AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys Device \Driver\PCI_PNP0290 \Device\00000043 sptd.sys Device \Driver\usbuhci \Device\USBPDO-0 82A15430 Device \Driver\PCI_PNP0290 \Device\00000044 sptd.sys Device \Driver\usbuhci \Device\USBPDO-1 82A15430 Device 
\Driver\usbuhci \Device\USBPDO-2 82A15430 Device \Driver\usbuhci \Device\USBPDO-3 82A15430 Device \Driver\usbehci \Device\USBPDO-4 8294A430 AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys Device \Driver\Cdrom \Device\CdRom0 8297E430 Device \Driver\atapi \Device\Ide\IdePort0 82FD51F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 82FD51F8 Device \Driver\atapi \Device\Ide\IdePort1 82FD51F8 Device \Driver\Cdrom \Device\CdRom1 8297E430 Device \Driver\Cdrom \Device\CdRom2 8297E430 Device \Driver\NetBT \Device\NetBt_Wins_Export 82921408 Device \Driver\usbstor \Device\00000078 82C8D1F8 Device \Driver\usbstor \Device\00000079 82C8D1F8 Device \Driver\NetBT \Device\NetbiosSmb 82921408 AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys Device \Driver\kxtdapod \Device\kxtdapod kxtdapod.sys AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys Device \Driver\usbuhci \Device\USBFDO-0 82A15430 Device \Driver\usbstor \Device\0000007a 82C8D1F8 Device \Driver\usbuhci \Device\USBFDO-1 82A15430 Device \Driver\usbstor \Device\0000007b 82C8D1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 829AC430 Device \Driver\usbuhci \Device\USBFDO-2 82A15430 Device \Driver\usbstor \Device\0000007c 82C8D1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 829AC430 Device \Driver\usbuhci \Device\USBFDO-3 82A15430 Device \Driver\NetBT \Device\NetBT_Tcpip_{EF11CE3A-E8C0-47E8-9D47-B47B080E9F87} 82921408 Device \Driver\usbehci \Device\USBFDO-4 8294A430 Device \Driver\ac7yikqy \Device\Scsi\ac7yikqy1 828D6430 Device \Driver\viamraid \Device\Scsi\viamraid1 82FA61F8 Device \Driver\aawxgrsj \Device\Scsi\aawxgrsj1Port3Path0Target0Lun0 828EB430 Device \Driver\viamraid \Device\Scsi\viamraid1Port2Path0Target0Lun0 82FA61F8 Device \Driver\ac7yikqy \Device\Scsi\ac7yikqy1Port4Path0Target0Lun0 828D6430 Device \Driver\aawxgrsj \Device\Scsi\aawxgrsj1 
828EB430 Device \FileSystem\Fastfat \Fat 82FA51F8 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys Device \FileSystem\Cdfs \Cdfs 8296B430 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82fd51f8]<< >>UNKNOWN [0x82fe86f1]<< 82fe86f1 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f67ab8] 82f67ab8 Trace 3 CLASSPNP.SYS[f86a605b] -> nt!IofCallDriver -> \Device\00000070[0x82f7df18] 82f7df18 Trace 5 ACPI.sys[f8424620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f6fd98] 82f6fd98 Trace \Driver\atapi[0x82f73788] -> IRP_MJ_CREATE -> 0x82fd51f8 82fd51f8 ---- Threads - GMER 2.1 ---- Thread System [4:876] 826420F4 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xDF 0x26 0xE9 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF3 0xEA 0x5E 0x7C ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC3 0x40 0x3B 0xF9 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xDF 0x26 0xE9 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF3 0xEA 0x5E 0x7C ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC3 0x40 0x3B 0xF9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xDF 0x26 0xE9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF3 0xEA 0x5E 0x7C ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC3 0x40 0x3B 0xF9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9C 0x66 0xF1 0x5F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0x87 0x4F 0x5C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCE 0x1E 0x16 0xD9 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xDF 0x26 0xE9 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... 
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF3 0xEA 0x5E 0x7C ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC3 0x40 0x3B 0xF9 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9C 0x66 0xF1 0x5F ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0x87 0x4F 0x5C ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCE 0x1E 0x16 0xD9 ... ---- EOF - GMER 2.1 ----