GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-15 21:07:38
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_SP1604N rev.TM100-24 149,05GB
Running: kbsezxsx.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\ffxcapow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0xF1C22824]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0xF1C21DD0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0xF1C2248A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateKey [0xF1C23062]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0xF1C24C26]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0xF1C24FA4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0xF1C217BC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteKey [0xF1C22A10]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteValueKey [0xF1C22C18]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDuplicateObject [0xF1C215C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateKey [0xF1C23830]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateValueKey [0xF1C23A86]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0xF1C24658]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0xF1C22098]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0xF1C22666]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenKey [0xF1C23052]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenProcess [0xF1C211F0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0xF1C22332]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenThread [0xF1C213F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryKey [0xF1C23C94]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryMultipleValueKey [0xF1C240E8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryValueKey [0xF1C23EA6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRenameKey [0xF1C235C8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSecurityObject [0xF1C22E76]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0xF1C24944]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetValueKey [0xF1C23330]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0xF1C22002]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0xF1C2221E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0xF1C21BD2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0xF1C219C0]

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!_abnormal_termination + 15C 804E27B8 1 Byte [C2]
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF753C392]

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\svchost.exe[256] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[256] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\svchost.exe[256] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[256] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[256] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[256] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[256] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[256] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[256] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[256] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[256] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[256] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[256] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[404] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[404] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[404] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[404] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[572] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[572] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[572] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[572] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[572] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[572] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[572] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[572] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[572] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[572] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[572] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[572] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[592] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[592] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\svchost.exe[592] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[592] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[592] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[592] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[592] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[592] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[592] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[592] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\nvsvc32.exe[604] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\nvsvc32.exe[604] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\nvsvc32.exe[604] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\nvsvc32.exe[604] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\nvsvc32.exe[604] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\nvsvc32.exe[604] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\nvsvc32.exe[604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\nvsvc32.exe[604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\nvsvc32.exe[604] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\nvsvc32.exe[604] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\nvsvc32.exe[604] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\nvsvc32.exe[604] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\nvsvc32.exe[604] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\nvsvc32.exe[604] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[824] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[824] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\System32\alg.exe[824] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[824] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[824] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[824] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[824] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[824] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[824] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[824] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[824] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[824] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[824] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[860] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 0077FC60 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[904] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[904] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[904] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[904] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[952] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[952] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\spoolsv.exe[952] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[952] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[952] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[952] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[952] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[952] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[952] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[952] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[952] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[952] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1032] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1032] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95}
.text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1032] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1032] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1032] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1032] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1032] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1032] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1032] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1032] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1032] advapi32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1032] advapi32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1260] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 0094D080 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1260] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [04, 84] {ADD AL, 0x84}
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1260] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 0095BB80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1260] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 0095B860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1260] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00957DF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1260] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0094D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00954F30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00955AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1260] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 00953A60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1260] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 00954390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1260] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00958BC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1260] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 00958990 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1260] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00959CC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1260] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 00959BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1332] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1332] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\wdfmgr.exe[1332] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1332] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1332] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1332] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1332] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1332] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1332] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1332] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1332] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1332] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1384] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1384] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\ctfmon.exe[1384] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1384] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1384] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1384] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1384] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1384] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1384] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1384] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1384] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1384] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\csrss.exe[1520] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll
.text C:\WINDOWS\system32\csrss.exe[1520] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1556] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1556] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1556] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1556] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1556] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1556] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1624] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1624] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\services.exe[1624] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1624] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1624] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1624] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1624] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1624] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1624] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1624] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1624] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1624] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1624] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1624] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1624] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1636] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1636] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\lsass.exe[1636] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1636] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1636] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1636] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1636] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1636] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1636] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1636] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1636] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1636] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1744] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 0094D080 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1744] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [04, 84] {ADD AL, 0x84}
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1744] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 0095BB80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1744] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 0095B860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1744] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00957DF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1744] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0094D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00954F30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00955AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1744] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 00953A60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1744] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 00954390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1744] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00958BC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1744] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 00958990 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1744] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00959CC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1744] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 00959BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1860] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1860] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1860] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1860] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1860] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1944] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1944] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\svchost.exe[1944] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1944] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1944] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1944] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1944] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1944] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1944] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1944] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1944] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1944] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1944] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1944] rpcss.dll!WhichService 76A63C84 8 Bytes JMP ED501001
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[2044] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 00533F00 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[2044] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 0054D9A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
.text
C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002AE20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002AE00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002A430 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002A3E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002AD00 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002ADE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 1002A6F0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002A480 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01389720 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla 
Firefox\firefox.exe[2456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 015BE21B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002ACC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002AA00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!MapViewOfFile 7C80B995 5 Bytes JMP 015BE1F4 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002ABC0 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] GDI32.dll!CreateDIBSection 77F19E09 5 Bytes JMP 015BE17E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 
10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2456] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2996] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 00BCD080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2996] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [2C, 84] {SUB AL, 0x84} .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2996] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 00BDBB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2996] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 00BDB860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2996] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00BD7DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2996] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00BCD1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD4F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD5AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2996] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 00BD3A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2996] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 00BD4390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2996] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00BD8BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2996] 
GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 00BD8990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2996] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00BD9CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2996] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 00BD9BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[3620] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[3620] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\wuauclt.exe[3620] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[3620] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[3620] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[3620] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[3620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[3620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[3620] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[3620] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[3620] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[3620] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[3620] GDI32.dll!CreateDCA 
77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wuauclt.exe[3620] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\Potrzebne\kbsezxsx.exe[3696] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\Potrzebne\kbsezxsx.exe[3696] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Documents and Settings\Admin\Pulpit\Potrzebne\kbsezxsx.exe[3696] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\Potrzebne\kbsezxsx.exe[3696] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\Potrzebne\kbsezxsx.exe[3696] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\Potrzebne\kbsezxsx.exe[3696] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\Potrzebne\kbsezxsx.exe[3696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\Potrzebne\kbsezxsx.exe[3696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\Potrzebne\kbsezxsx.exe[3696] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\Potrzebne\kbsezxsx.exe[3696] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\Potrzebne\kbsezxsx.exe[3696] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and 
Settings\Admin\Pulpit\Potrzebne\kbsezxsx.exe[3696] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\Potrzebne\kbsezxsx.exe[3696] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\Potrzebne\kbsezxsx.exe[3696] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip networx.sys
AttachedDevice \Driver\Tcpip \Device\Tcp networx.sys
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp networx.sys
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp networx.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys

---- EOF - GMER 2.1 ----