Thread: HJT log
11-04-2008, 09:13 PM   #3
cindyp
Registered User
 
Join Date: Aug 2007
Posts: 11
OS: xp


Re: HJT log

Hi chemist, thanks for your reply.

Here is the gmer.txt

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-05 00:18:06
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF600A7B6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xF6009D16]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xF600A372]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xF600AF80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xF6009A70]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xF600BC70]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF600A99C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xF6009646]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xF600ABEA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xF600AD9A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xF60094F8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xF600B8F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xF6009F5C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xF600A5AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xF6009228]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xF600A1EC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xF60093A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xF600B346]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xF6009B8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xF600B6AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xF600BAA0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xF600B146]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xF6009EF6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xF600A0E0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF5EF1F20]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xF6009808]

---- Kernel code sections - GMER 1.0.14 ----

? MFX.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\wdfmgr.exe[244] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[244] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[244] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 26, 84 ]
.text C:\WINDOWS\system32\wdfmgr.exe[244] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wdfmgr.exe[244] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wdfmgr.exe[244] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wdfmgr.exe[244] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[244] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[244] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[244] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[244] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[244] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[244] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\wdfmgr.exe[244] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[244] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[360] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[360] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[360] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 22, 84 ]
.text C:\WINDOWS\system32\MsPMSPSv.exe[360] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\MsPMSPSv.exe[360] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\MsPMSPSv.exe[360] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\MsPMSPSv.exe[360] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[360] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[360] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[360] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[360] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[360] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[360] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\MsPMSPSv.exe[360] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[360] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 9E, 84 ]
.text C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[580] KERNEL32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, FB, 84 ]
.text C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[604] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[604] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[604] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[604] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\winlogon.exe[604] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[604] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[648] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[648] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[648] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 75, 84 ]
.text C:\WINDOWS\system32\services.exe[648] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[648] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[648] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[648] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[648] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[648] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[648] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\services.exe[648] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[648] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, AC, 84 ]
.text C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[660] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[660] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[660] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[660] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\lsass.exe[660] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[660] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 5F, 84 ]
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[808] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[808] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[808] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[808] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[808] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[808] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[808] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[808] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[808] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 80, 84 ]
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[860] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[860] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[860] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[860] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[860] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[860] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[860] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[860] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[860] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[960] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[960] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[960] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BB, 85 ]
.text C:\WINDOWS\System32\svchost.exe[960] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[960] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[960] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\svchost.exe[960] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[960] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[960] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[960] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[960] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[960] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[960] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\svchost.exe[960] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[960] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 5B, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1072] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1072] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1072] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1072] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1072] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1072] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 73, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1188] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1256] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 003B5690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1256] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003B55C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1256] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, C6, 88 ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1256] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1256] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1256] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1256] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 003B1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1256] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 003B1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1256] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 003B13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1256] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 49, 88 ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1256] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003B5250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1256] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 003B16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1256] USER32.dll!keybd_event 7E466783 5 Bytes JMP 003B1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1256] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 003B4F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1256] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 003B50E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1296] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1296] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1296] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 5C, 84 ]
.text C:\WINDOWS\Explorer.EXE[1296] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1296] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\Explorer.EXE[1296] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[1296] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1296] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1296] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1296] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1296] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\Explorer.EXE[1296] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1296] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1296] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1296] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1296] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1348] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1348] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1348] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 54, 84 ]
.text C:\WINDOWS\system32\spoolsv.exe[1348] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1348] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[1348] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1348] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1348] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1348] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1348] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\spoolsv.exe[1348] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1348] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1348] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1348] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1348] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1420] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1420] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1420] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, EA, 83 ]
.text C:\WINDOWS\System32\alg.exe[1420] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[1420] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\System32\alg.exe[1420] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[1420] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\alg.exe[1420] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1420] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1420] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1420] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1420] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1420] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1420] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\alg.exe[1420] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1420] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 2A, 84 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1692] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 74, 84 ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1864] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 00385690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1864] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003855C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1864] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 3E, 85 ]
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1864] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0B001E
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1864] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F05001E
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1864] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0E001E
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1864] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00385250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1864] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 003816D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1864] USER32.dll!keybd_event 7E466783 5 Bytes JMP 00381550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1864] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00381860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1864] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00381230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1864] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 003813C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1864] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 46, 88 ]
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1864] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00384F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1864] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 003850E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\CTsvcCDA.exe[1960] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 50, 84 ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[1960] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1960] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1960] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2000] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7D, 84 ]
.text C:\WINDOWS\system32\nvsvc32.exe[2000] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2000] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2000] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[2024] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[2024] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[2024] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[2024] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[2024] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[2024] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[2024] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[2024] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[2024] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[2024] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[2024] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\mike\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2052] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003855C0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\mike\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2052] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 3A, 84 ]
.text C:\DOCUME~1\mike\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2052] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\DOCUME~1\mike\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2052] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\DOCUME~1\mike\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2052] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\DOCUME~1\mike\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2052] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\DOCUME~1\mike\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2052] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00385250 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\mike\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2052] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 003816D0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\mike\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2052] USER32.dll!keybd_event 7E466783 5 Bytes JMP 00381550 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\mike\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2052] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00381860 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\mike\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2052] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00381230 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\mike\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2052] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 003813C0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\mike\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2052] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 46, 88 ]
.text C:\DOCUME~1\mike\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2052] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00384F60 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\mike\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2052] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 003850E0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe[2272] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe[2272] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe[2272] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 20, 84 ]
.text C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe[2272] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe[2272] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe[2272] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe[2272] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe[2272] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe[2272] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe[2272] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe[2272] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe[2272] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe[2272] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe[2272] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe[2272] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe[2272] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[2492] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[2492] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[2492] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 22, 84 ]
.text C:\WINDOWS\system32\Rundll32.exe[2492] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\Rundll32.exe[2492] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\system32\Rundll32.exe[2492] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\Rundll32.exe[2492] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\Rundll32.exe[2492] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[2492] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[2492] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[2492] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\Rundll32.exe[2492] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[2492] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[2492] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[2492] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[2492] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[2580] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[2580] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[2580] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 22, 84 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2580] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2580] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2580] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2580] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2580] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[2580] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[2580] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[2580] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2580] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[2580] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[2580] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[2580] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[2580] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cfp.exe[2624] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, CA, 84 ]
.text C:\Program Files\COMODO\Firewall\cfp.exe[2624] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0B001E
.text C:\Program Files\COMODO\Firewall\cfp.exe[2624] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\COMODO\Firewall\cfp.exe[2624] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F05001E
.text C:\Program Files\COMODO\Firewall\cfp.exe[2624] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0E001E
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[2680] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[2680] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[2680] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 50, 84 ]
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[2680] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[2680] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[2680] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[2680] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[2680] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[2680] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[2680] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[2680] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[2680] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[2680] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[2680] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[2680] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[2680] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2768] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2768] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2768] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 24, 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[2768] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2768] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\system32\ctfmon.exe[2768] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[2768] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2768] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2768] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2768] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2768] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2768] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2768] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2768] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\ctfmon.exe[2768] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2768] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2872] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2872] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2872] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, A0, 84 ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2872] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2872] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2872] kernel32.dll!CreateMutexA 7C80E9CF 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2872] kernel32.dll!GetCommandLineA 7C812FAD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2872] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2872] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2872] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2872] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2872] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2872] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2872] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2872] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2872] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F8478710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F8478770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F8478990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F8478950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F8478950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F8478770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F8478710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F8478990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F8478990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F8478950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F8478770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F8478710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F8478950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F8478990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F8478710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F8478770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F8478710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F8478770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F8478950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F8478990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F8478950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F8478770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F8478710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F8478950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F8478990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F8478710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F8478770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs MFX.sys
AttachedDevice \FileSystem\Ntfs \Ntfs AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\Fastfat \Fat MFX.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVRec.sys (PC Tools Recognizer Driver for Windows 2000/XP/PC Tools Research Pty Ltd )

---- Files - GMER 1.0.14 ----

File C:\SYZ_DAT 0 bytes
File C:\SYZ_DAT\ali.exe 28672 bytes executable
File C:\SYZ_DAT\cdlock.dll 49152 bytes executable
File C:\SYZ_DAT\cpy.exe 32768 bytes executable
File C:\SYZ_DAT\dirlist 250 bytes
File C:\SYZ_DAT\dirlist_bak 250 bytes
File C:\SYZ_DAT\DL.BAK 250 bytes
File C:\SYZ_DAT\EMF_Decrypt.exe 126976 bytes executable
File C:\SYZ_DAT\fldrvw61.ocx 417792 bytes
File C:\SYZ_DAT\install.exe 1138688 bytes executable
File C:\SYZ_DAT\magic.exe 24576 bytes executable
File C:\SYZ_DAT\mf.chm 33137 bytes
File C:\SYZ_DAT\mf.txx 24994 bytes
File C:\SYZ_DAT\mfx 52108 bytes executable
File C:\SYZ_DAT\MFX.CFG 104 bytes
File C:\SYZ_DAT\mfx_cfg.org 93 bytes
File C:\SYZ_DAT\readme.txt 3162 bytes
File C:\SYZ_DAT\systray.exe 32768 bytes executable
File C:\SYZ_DAT\tb.exe 24576 bytes executable
File C:\WINDOWS\system32\drivers\MFX.SYS 52108 bytes executable

---- EOF - GMER 1.0.14 ----