
problem with ALCMTR.EXE and Avira icon not shown in tray


  • This topic is locked
16 replies to this topic

#1 wegosellhere


Posted 27 October 2011 - 08:07 PM

Hello, this is my first time posting something here. I've read on your forums that ALCMTR.EXE is malware. I was like, "Really? How come? Isn't it for Realtek Audio or something?" Now, hoping to put all doubts aside, I decided to post my logs here. For the record, I tried downloading dds.scr and running it, but I encountered a security alert from COMODO. For some reason, I do not know what happened next. Anyway, I was sort of pissed about it, so here I am.

I don't know how to remove ALCMTR safely, and I wonder why my Comodo and Avira tray icons suddenly disappear and reappear at random times of the day. No, they're not hiding and reappearing; they are really disappearing and reappearing, because Taskmgr is telling me they're both running in the background. I ran rkill first before Malwarebytes. Thank you.

Check out these logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:56:33 AM, on 10/28/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ping.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ph.rd.yahoo.com/customize/ycomp/defaults/sp/*http://ph.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ph.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ph.rd.yahoo.com/customize/ycomp/defaults/su/*http://ph.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 5932 bytes

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8032

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

10/28/2011 8:48:08 AM
mbam-log-2011-10-28 (08-48-08).txt

Scan type: Quick scan
Objects scanned: 200767
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#2 HelpBot


Posted 01 November 2011 - 08:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/425368 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 wegosellhere


Posted 05 November 2011 - 07:27 AM

Hi Bleeping Computer Community!

Apologies for not being careful with reading the instructions; thankfully I was now able to bypass my scanners to post this DDS log. I'm not sure about the availability of our Windows CD/DVD. Anyway, here's the DDS log followed by the GMER log. Hope to hear from you soon! :D Thank you.


============== Running Processes ===============
.
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://ph.rd.yahoo.com/customize/ycomp/defaults/sp/*http://ph.yahoo.com
mDefault_Page_URL = hxxp://ph.yahoo.com
mStart Page = hxxp://ph.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://ph.rd.yahoo.com/customize/ycomp/defaults/su/*http://ph.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - d:\progra~1\micros~2\office12\GRA8E1~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\progra~1\micros~2\office12\GR99D3~1.DLL
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\home2\application data\mozilla\firefox\profiles\7t03cdwr.default\
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\home2\application data\mozilla\firefox\profiles\7t03cdwr.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - plugin: d:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Download Accelerator Plus Integration: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\dap\DAPFireFox
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-15 11608]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-12-12 74088]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-10-7 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-10-7 31704]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-15 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-15 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-3 66616]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2009-12-12 1078632]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-10-7 1883328]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-26 35088]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\home2\locals~1\temp\bvf2d.tmp --> c:\docume~1\home2\locals~1\temp\BVF2D.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
S3 XDva309;XDva309;\??\c:\windows\system32\xdva309.sys --> c:\windows\system32\XDva309.sys [?]
S3 XDva332;XDva332;\??\c:\windows\system32\xdva332.sys --> c:\windows\system32\XDva332.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\xdva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva361;XDva361;\??\c:\windows\system32\xdva361.sys --> c:\windows\system32\XDva361.sys [?]
S3 XDva366;XDva366;\??\c:\windows\system32\xdva366.sys --> c:\windows\system32\XDva366.sys [?]
S3 XDva367;XDva367;\??\c:\windows\system32\xdva367.sys --> c:\windows\system32\XDva367.sys [?]
S3 XDva368;XDva368;\??\c:\windows\system32\xdva368.sys --> c:\windows\system32\XDva368.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva372;XDva372;\??\c:\windows\system32\xdva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva377;XDva377;\??\c:\windows\system32\xdva377.sys --> c:\windows\system32\XDva377.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\xdva379.sys --> c:\windows\system32\XDva379.sys [?]
S3 XDva383;XDva383;\??\c:\windows\system32\xdva383.sys --> c:\windows\system32\XDva383.sys [?]
S3 XDva384;XDva384;\??\c:\windows\system32\xdva384.sys --> c:\windows\system32\XDva384.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
S4 JGVXMYM;JGVXMYM;c:\docume~1\admini~1\locals~1\temp\jgvxmym.exe --> c:\docume~1\admini~1\locals~1\temp\JGVXMYM.exe [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
=============== Created Last 30 ================
.
2011-11-02 11:54:43 -------- d-----w- c:\program files\NirSoft
2011-10-26 10:22:23 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2011-10-26 10:22:20 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-10-26 10:22:20 -------- d-----w- c:\program files\COMODO
2011-10-26 10:21:52 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
2011-10-14 18:08:04 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky SDK
2011-10-11 14:10:30 -------- d-----w- c:\documents and settings\home2\application data\MailFrontier
2011-10-11 13:33:28 -------- d-----w- c:\documents and settings\home2\application data\CheckPoint
2011-10-11 13:33:24 -------- d-----w- c:\program files\zonealarm_security_suite
2011-10-11 13:32:17 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2011-10-11 13:26:45 -------- d-----w- c:\program files\CheckPoint
2011-10-07 10:48:02 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 10:48:02 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 10:48:00 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 10:47:12 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 10:47:12 300200 ----a-w- c:\windows\system32\guard32.dll
.
==================== Find3M ====================
.
2011-09-14 01:38:42 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-31 09:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 7:52:19.40 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-05 20:02:25
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-7 ST3500418AS rev.CC35
Running: gmer.exe; Driver: C:\DOCUME~1\HOME2\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA80F579A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xA80F4D46]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xA80F5400]
SSDT BA7E97AE ZwCreateKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xA80F7ABC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA80F7E3A]
SSDT BA7E97A4 ZwCreateThread
SSDT BA7E97B3 ZwDeleteKey
SSDT BA7E97BD ZwDeleteValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xA80F4538]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xA80F66C6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xA80F691C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xA80F74EE]
SSDT BA7E97C2 ZwLoadKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xA80F500E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xA80F55DC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xA80F5F94]
SSDT BA7E9790 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xA80F52A8]
SSDT BA7E9795 ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xA80F6B2A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xA80F6F7E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xA80F6D3C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xA80F64DE]
SSDT BA7E97CC ZwReplaceKey
SSDT BA7E97C7 ZwRestoreKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xA80F5DB6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xA80F77DA]
SSDT BA7E97B8 ZwSetValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xA80F4F78]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xA80F5194]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xA80F4B48]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xA80F4936]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!Ke386IoSetAccessProcess 804F8166 6 Bytes PUSH A69F81DC; RET \??\D:\CherryDeGames\Dragon Nest\GPK\1394hub.sys
.text ntkrnlpa.exe!KeAttachProcess 804F8826 6 Bytes PUSH A69FB8C8; RET \??\D:\CherryDeGames\Dragon Nest\GPK\1394hub.sys
.text ntkrnlpa.exe!KeStackAttachProcess 804F8926 6 Bytes PUSH A69FBC04; RET \??\D:\CherryDeGames\Dragon Nest\GPK\1394hub.sys
.text ntkrnlpa.exe!KeInitializeApc 804FC092 6 Bytes PUSH A69FC018; RET \??\D:\CherryDeGames\Dragon Nest\GPK\1394hub.sys
.text ntkrnlpa.exe!ZwOpenSection + 5 804FFA69 6 Bytes PUSH A69FB51C; RET \??\D:\CherryDeGames\Dragon Nest\GPK\1394hub.sys
PAGE ntkrnlpa.exe!ZwOpenSection 805A8E12 6 Bytes PUSH A69FB104; RET \??\D:\CherryDeGames\Dragon Nest\GPK\1394hub.sys
PAGE ntkrnlpa.exe!ZwWriteVirtualMemory 805B2D5C 6 Bytes PUSH A69FCE38; RET \??\D:\CherryDeGames\Dragon Nest\GPK\1394hub.sys
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B6DA2 6 Bytes PUSH A69F7D56; RET \??\D:\CherryDeGames\Dragon Nest\GPK\1394hub.sys
PAGE ntkrnlpa.exe!ObCheckObjectAccess 805BEACC 6 Bytes PUSH A69FAB4C; RET \??\D:\CherryDeGames\Dragon Nest\GPK\1394hub.sys
PAGE ntkrnlpa.exe!ZwCreateThread 805CF804 6 Bytes PUSH A69F767A; RET \??\D:\CherryDeGames\Dragon Nest\GPK\1394hub.sys
PAGE ntkrnlpa.exe!ZwQueueApcThread 805CFA62 6 Bytes PUSH A69F80A6; RET \??\D:\CherryDeGames\Dragon Nest\GPK\1394hub.sys
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D1170 6 Bytes PUSH A69FCBD0; RET \??\D:\CherryDeGames\Dragon Nest\GPK\1394hub.sys
? D:\CherryDeGames\Dragon Nest\GPK\1394hub.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ping.exe[164] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ping.exe[164] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ping.exe[164] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ping.exe[164] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] RPCRT4.dll!RpcServerRegisterIfEx 77EA141B 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1016] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1016] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1016] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1016] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[1064] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[1064] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[1064] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[1064] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[1064] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[1064] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[1064] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[1064] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[1064] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[1064] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[1064] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[1064] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[1064] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1200] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1200] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1200] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1200] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1200] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1200] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1200] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1200] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1200] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1200] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1200] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1296] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1296] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1296] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1296] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1296] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1296] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1296] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1296] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1296] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1296] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1296] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1360] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1360] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1360] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1360] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1360] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1360] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1360] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1360] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1360] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1360] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1360] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1360] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1360] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1400] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1400] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1400] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1400] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1400] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1400] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1400] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1400] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1400] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1400] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1400] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1400] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1400] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\snmp.exe[1444] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\snmp.exe[1444] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\snmp.exe[1444] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\snmp.exe[1444] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\snmp.exe[1444] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\snmp.exe[1444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\snmp.exe[1444] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\snmp.exe[1444] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\snmp.exe[1444] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\snmp.exe[1444] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\snmp.exe[1444] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\snmp.exe[1444] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\snmp.exe[1444] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1648] RPCRT4.dll!RpcServerRegisterIfEx 77EA141B 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1680] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[1688] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 003BD060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[1688] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 003CBB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[1688] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 003CB800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[1688] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C7DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[1688] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 003BD180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[1688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003C4F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[1688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003C5AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[1688] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 003C8BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[1688] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 003C9CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[1688] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 003C8970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[1688] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 003C9BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[1688] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 003C3A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[1688] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 003C4370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1732] RPCRT4.dll!RpcServerRegisterIfEx 77EA141B 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1732] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1732] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1732] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1732] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1732] rpcss.dll!WhichService 76A84424 8 Bytes JMP ED301001
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00CFD060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 00D0BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 00D0B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00D07DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00CFD180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D04F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D05AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D03A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D04370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 10407D29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 00D08BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 00D09CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 00D08970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 00D09BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1832] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 00526240 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1832] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 0053F8A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1880] RPCRT4.dll!RpcServerRegisterIfEx 77EA141B 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1880] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1880] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1880] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1880] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\TUProgSt.exe[1928] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\TUProgSt.exe[1928] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\TUProgSt.exe[1928] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\TUProgSt.exe[1928] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\TUProgSt.exe[1928] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\TUProgSt.exe[1928] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\TUProgSt.exe[1928] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\TUProgSt.exe[1928] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\TUProgSt.exe[1928] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\TUProgSt.exe[1928] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\TUProgSt.exe[1928] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\TUProgSt.exe[1928] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\TUProgSt.exe[1928] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1964] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1964] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1964] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1964] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1964] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1964] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1964] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1964] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1964] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\taskmgr.exe[2732] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\taskmgr.exe[2732] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\taskmgr.exe[2732] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\taskmgr.exe[2732] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\taskmgr.exe[2732] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\taskmgr.exe[2732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\taskmgr.exe[2732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\taskmgr.exe[2732] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\taskmgr.exe[2732] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\taskmgr.exe[2732] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\taskmgr.exe[2732] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\taskmgr.exe[2732] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\taskmgr.exe[2732] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3004] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3004] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3004] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3004] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3004] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3004] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3004] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3004] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3004] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3004] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3004] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3004] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3004] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 00E0AD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00DFD060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00E0AD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 00E0ADC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 00E0ADA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 00E0AD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 00E0A3D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 00E0AD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 00E0ACE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00E0A380 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 00E0BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 00E0B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 00E0ACA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 00E0ACC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00E0AD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 7 Bytes JMP 00E0A690 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 00E0A420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00E07DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00DFD180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 00E0AC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E0ABC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E0A960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 00E0AC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E0AC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E0A9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E04F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E05AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00E0AC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00E0A9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 00E0AA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 00E0A9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00E0ABA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 00E0AA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 00E0AA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 00E0AA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00E0AB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 00E0AA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00E0AB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 00E0ABE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 00E0AB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00E0AB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00E0AAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 00E0AAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 00E0AAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 00E0AB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00E0A980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 00E0AC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00E03A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00E04370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 00E0A860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 00E0A880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 00E08BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 00E09CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 00E08970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 00E09BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 00E0A8E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 00E0A900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 00E0A940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3052] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 00E0A920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[3920] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[3920] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[3920] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[3920] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[3920] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[3920] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[3920] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[3920] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[3920] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[3920] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[3920] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[3920] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[3920] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HOME2\Desktop\gmer.exe[3936] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HOME2\Desktop\gmer.exe[3936] ntdll.dll!NtReplyWaitReceivePort 7C90E378 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HOME2\Desktop\gmer.exe[3936] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HOME2\Desktop\gmer.exe[3936] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HOME2\Desktop\gmer.exe[3936] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HOME2\Desktop\gmer.exe[3936] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HOME2\Desktop\gmer.exe[3936] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HOME2\Desktop\gmer.exe[3936] GDI32.dll!DeleteDC 77F16CA6 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HOME2\Desktop\gmer.exe[3936] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HOME2\Desktop\gmer.exe[3936] GDI32.dll!GetPixel 77F1D35B 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HOME2\Desktop\gmer.exe[3936] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HOME2\Desktop\gmer.exe[3936] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HOME2\Desktop\gmer.exe[3936] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip bckd.sys (Blue Coat Web Filter driver/Blue Coat Systems, Inc.)

Device \Driver\1394hub \Device\1394hub 1394hub.sys

AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp bckd.sys (Blue Coat Web Filter driver/Blue Coat Systems, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp bckd.sys (Blue Coat Web Filter driver/Blue Coat Systems, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp bckd.sys (Blue Coat Web Filter driver/Blue Coat Systems, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs A67DD400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x6C 0xDA 0x6C 0xE2 ...

---- EOF - GMER 1.0.15 ----

#4 wegosellhere

Posted 05 November 2011 - 07:28 AM

Oh by the way, here's a screenshot of the said "hiding" icons.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,774 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:30 AM

Posted 07 November 2011 - 10:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===


Realtek AC97 Audio - Event Monitor. "Spyware" file used to surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers. Note: Located in \%WINDIR%\

You can disable it by running MsConfig and disabling the process. It's not needed.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#6 nasdaq

Posted 13 November 2011 - 10:30 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#7 wegosellhere

Posted 14 November 2011 - 02:23 AM

ComboFix 11-11-08.02 - HOME2 11/10/2011 6:59.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2036.1416 [GMT 8:00]
Running from: d:\installers\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\A9662AE0.TMP
c:\documents and settings\HOME2\WINDOWS
c:\windows\iun6002.exe
c:\windows\reinfo
c:\windows\reinfo\date.obo
c:\windows\reinfo\engine\connect.obo
c:\windows\reinfo\engine\connect2.obo
c:\windows\reinfo\engine\connect3.obo
c:\windows\reinfo\engine\rnd_var.obo
c:\windows\system32\Cache
.
.
((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))
.
.
2011-11-03 17:38 . 2011-11-03 17:38 -------- d-----w- c:\program files\Microsoft XNA
2011-11-03 17:34 . 2011-11-03 17:34 -------- d-----w- c:\program files\WB Games
2011-11-02 11:54 . 2011-11-02 11:54 -------- d-----w- c:\program files\NirSoft
2011-10-26 10:22 . 2011-10-27 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-10-26 10:22 . 2011-10-26 10:26 -------- d-----w- c:\program files\COMODO
2011-10-26 10:22 . 2011-10-26 10:22 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-10-26 10:21 . 2011-10-26 10:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2011-10-14 18:08 . 2011-10-14 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2011-10-11 14:10 . 2011-10-19 12:04 -------- d-----w- c:\documents and settings\HOME2\Application Data\MailFrontier
2011-10-11 13:33 . 2011-10-11 13:33 -------- d-----w- c:\documents and settings\HOME2\Application Data\CheckPoint
2011-10-11 13:33 . 2011-10-11 14:05 -------- d-----w- c:\program files\zonealarm_security_suite
2011-10-11 13:32 . 2011-10-11 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2011-10-11 13:26 . 2011-10-26 10:06 -------- d-----w- c:\program files\CheckPoint
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 10:48 . 2011-10-07 10:48 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 10:48 . 2011-10-07 10:48 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 10:48 . 2011-10-07 10:48 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 10:48 . 2011-10-07 10:48 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 10:47 . 2011-10-07 10:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 10:47 . 2011-10-07 10:47 300200 ----a-w- c:\windows\system32\guard32.dll
2011-09-14 01:38 . 2011-03-15 06:18 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-09-14 01:38 . 2009-09-02 16:45 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-31 09:00 . 2011-03-15 10:57 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-16 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-16 137752]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-16 281768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 15:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- d:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-01-16 01:10 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-15 10:48 136176 ----atw- c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 16:47 31016 ----a-w- d:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 08:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 03:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SwOffWeb"=2 (0x2)
"SwOffScheduler"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"YahooAUService"=2 (0x2)
"ScsiAccess"=2 (0x2)
"rpcapd"=3 (0x3)
"npggsvc"=3 (0x3)
"JGVXMYM"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"Browser"=3 (0x3)
"aspnet_state"=3 (0x3)
"Application Updater"=3 (0x3)
"ALG"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"dmserver"=2 (0x2)
"cisvc"=3 (0x3)
"BITS"=3 (0x3)
"RSVP"=3 (0x3)
"PNRPSvc"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"p2psvc"=3 (0x3)
"p2pimsvc"=3 (0x3)
"p2pgasvc"=3 (0x3)
"Nla"=3 (0x3)
"Net Driver HPZ12"=2 (0x2)
"MSFtpsvc"=2 (0x2)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"getPlusHelper"=3 (0x3)
"wuauserv"=2 (0x2)
"seclogon"=3 (0x3)
"SCardSvr"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"Persistence"=c:\windows\system32\igfxpers.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"RTHDCPL"="RTHDCPL.EXE"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Counter-Strike Source\\hl2.exe"=
"d:\\Warcraft III\\Frozen Throne.exe"=
"d:\\installers\\utorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\CherryDeGames\\Dragon Nest\\DragonNest.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:*:Disabled:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
.
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [12/12/2009 6:52 AM 74088]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/7/2011 6:48 PM 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/7/2011 6:48 PM 31704]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/15/2011 2:18 PM 136360]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [12/12/2009 6:52 AM 1078632]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 12:56 PM 14336]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/26/2010 1:07 AM 35088]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 PM 14336]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\HOME2\LOCALS~1\Temp\BVF2D.tmp --> c:\docume~1\HOME2\LOCALS~1\Temp\BVF2D.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 XDva309;XDva309;\??\c:\windows\system32\XDva309.sys --> c:\windows\system32\XDva309.sys [?]
S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?]
S3 XDva366;XDva366;\??\c:\windows\system32\XDva366.sys --> c:\windows\system32\XDva366.sys [?]
S3 XDva367;XDva367;\??\c:\windows\system32\XDva367.sys --> c:\windows\system32\XDva367.sys [?]
S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva377;XDva377;\??\c:\windows\system32\XDva377.sys --> c:\windows\system32\XDva377.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\XDva379.sys --> c:\windows\system32\XDva379.sys [?]
S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]
S3 XDva384;XDva384;\??\c:\windows\system32\XDva384.sys --> c:\windows\system32\XDva384.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S4 JGVXMYM;JGVXMYM;c:\docume~1\ADMINI~1\LOCALS~1\Temp\JGVXMYM.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\JGVXMYM.exe [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 14:36]
.
2011-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:50]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-308236825-839522115-1006Core.job
- c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-15 10:48]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-308236825-839522115-1006UA.job
- c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-15 10:48]
.
2011-11-09 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2011-01-28 08:45]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ph.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://ph.rd.yahoo.com/customize/ycomp/defaults/su/*http://ph.yahoo.com
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\HOME2\Application Data\Mozilla\Firefox\Profiles\7t03cdwr.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Download Accelerator Plus Integration: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\DAP\DAPFireFox
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
MSConfigStartUp-SkyTel - SkyTel.EXE
AddRemove-EnchantedRO Mini Installer v1.0 - d:\program files\WolfRO\Wolf RO\Wolf RO\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-10 07:05
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\HOME2\LOCALS~1\Temp\BVF2D.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:6c,da,6c,e2,fd,4b,c1,36,2e,f1,e9,fc,d0,72,be,42,45,7e,f9,21,d2,
86,c6,7f,c7,31,c3,38,0f,06,7d,b8,a8,44,5e,d8,46,62,a6,c7,7a,2d,20,30,b8,9c,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:6c,da,6c,e2,fd,4b,c1,36,2e,f1,e9,fc,d0,72,be,42,45,7e,f9,21,d2,
86,c6,7f,c7,31,c3,38,0f,06,7d,b8,a8,44,5e,d8,46,62,a6,c7,7a,2d,20,30,b8,9c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1336)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(1432)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(1308)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2011-11-10 07:07:49
ComboFix-quarantined-files.txt 2011-11-09 23:07
.
Pre-Run: 23,779,360,768 bytes free
Post-Run: 24,130,854,912 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - EBD475B6A3AFFAF2B7C2CD562731ADA2

Results of screen317's Security Check version 0.99.25
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
iPod Reset Utility
COMODO Internet Security
ZoneAlarm Antivirus
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
TuneUp Utilities 2009
CCleaner
Java™ 6 Update 21
Java™ SE Runtime Environment 6
Java™ SE Development Kit 6
Out of date Java installed!
Adobe Flash Player ( 10.3.181.26) Flash Player Out of Date!
Mozilla Firefox ((3.6.23)) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````

#8 nasdaq

Posted 16 November 2011 - 08:43 AM

Sorry for this long delay.

Your ComboFix log is clean.

Important security issue
Support for Windows XP Service Pack 2 ended 13/07/2010
http://support.microsoft.com/lifecycle/?LN=en-gb&C2=1173

For continued support get the Service Pack 3.

http://windows.microsoft.com/en-us/windows/help/learn-how-to-install-windows-xp-service-pack-3-sp3
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64 bit version, download jre-6u27-windows-x64.exe. Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 21
Java™ SE Runtime Environment 6
Java™ SE Development Kit 6

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 11.0.1.152

Flash Player 11.0.1.152

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.
===

Please let me know of any remaining issues.

#9 wegosellhere

Posted 17 November 2011 - 03:33 AM

Hi nasdaq,

Thank you for the response. So does that mean my ALCMTR is already removed? And how come my spoolsv always shuts down?

#10 wegosellhere

Posted 17 November 2011 - 03:36 AM

Btw, when I click the link to get an adobe flash player, my browser arrives at this url: http://get.adobe.com/flashplayer/download/?installer=Flash_Player_10_for_Other_Browsers&d=McAfee_Security_Scan_Plus&os=XP&browser=Firefox

#11 wegosellhere

Posted 17 November 2011 - 03:42 AM

Hi nasdaq,

Update: I read something from here: http://www.dslreports.com/forum/r26397496-Wouldn-t-update-to-Adobe-Flash-Player-11.0.1.152

and then I downloaded here instead: http://www.filehippo.com/download_flashplayer_firefox/download/b0cb98d7027b23880925463e9c8306ea/

I really want the old Firefox, latest 3.6.x, than Firefox 8 or Firefox x... I like to drag tabs across different windows :D

#12 nasdaq

Posted 17 November 2011 - 10:44 AM

Btw, when I click the link to get an adobe flash player, my browser arrives at this url: http://get.adobe.com/flashplayer/download/?installer=Flash_Player_10_for_Other_Browsers&d=McAfee_Security_Scan_Plus&os=XP&browser=Firefox

For Firefox this is the correct version.

For Internet Explorer use version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)

I really want the old Firefox, latest 3.6.x, than Firefox 8 or Firefox x... I like to drag tabs across different windows :D

No problem, I still use it.

===

And how come my spoolsv always shuts down?


The spooler service is responsible for managing spooled print/fax jobs. Spooling allows you to print in the background without your computer being tied up.
Do you have any difficulties printing or faxing?

===

You can delete these programs.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!

#13 wegosellhere

Posted 21 November 2011 - 10:50 PM

Sir,

The problem with firefox and flash player seems to be okay. But how about the ALCMTR and avira icon? Or do I need to upgrade my system to XP service pack 3?

#14 nasdaq

Posted 22 November 2011 - 10:22 AM

Run the Config.exe and find out if ALCMTR is disabled.

If you need it just enable it.
===

This link may be the solution to your Avira Icon.
http://www.wilderssecurity.com/showthread.php?t=228064
===

For your protection you need to upgrade to XP service pack 3?

#15 wegosellhere

Posted 25 November 2011 - 10:36 AM

Thanks. Btw, what about comodo? Does that mean the startup in my msconfig should match the startup items in my startup folder?



