GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-05-20 19:43:24 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 TOSHIBA_MK2546GSX rev.LB014C Running: mqy2xdf8.exe; Driver: C:\Users\Ania\AppData\Local\Temp\fwlcqaog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x89B87F26] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x89B88112] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x89B87286] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x89B87B8C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x89B87940] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x89B88C8A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x89B86C72] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x89B88340] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x89B886BC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x89B8754E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x89B87D68] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x89B877E8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x89B889A8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x89B874B8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x89B876D4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x89B87088] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x89B86E76] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 83A85349 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83ABED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 83AC5D8C 4 Bytes [26, 7F, B8, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83AC5DB4 4 Bytes [12, 81, B8, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 83AC5E48 4 Bytes [86, 72, B8, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 83AC5E64 4 Bytes [8C, 7B, B8, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 83AC5EAC 4 Bytes [40, 79, B8, 89] .text ... .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x899ABB2E] .text USBPORT.SYS!DllUnload 8FF96DB9 5 Bytes JMP 870EB1C8 ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\svchost.exe[112] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[112] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[112] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[112] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[112] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[112] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[112] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[112] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[112] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[112] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[112] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[112] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[568] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[568] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[568] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[568] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[568] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[568] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[568] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[568] RPCRT4.dll!RpcServerRegisterIfEx 761909BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[568] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[568] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[568] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[568] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[568] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[628] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[628] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[628] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[628] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[628] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[628] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[628] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[628] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[712] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 75EB1BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[712] ntdll.dll!NtReplyWaitReceivePort 77D06418 5 Bytes JMP 75EB1450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[712] ntdll.dll!NtReplyWaitReceivePortEx 77D06428 5 Bytes JMP 75EB17F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[728] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[728] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[728] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[728] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[728] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[728] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[728] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[728] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[728] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[728] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[728] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[728] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!RegisterRawInputDevices 77E25B52 5 Bytes JMP 10018E60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SystemParametersInfoA 77E280E0 7 Bytes JMP 1001C5F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SetParent 77E28314 5 Bytes JMP 100188E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!EnableWindow 77E28D02 5 Bytes JMP 10017E00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!MoveWindow 77E28D29 5 Bytes JMP 10018B80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!GetAsyncKeyState 77E2A256 5 Bytes JMP 10019080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!RegisterHotKey 77E2AA19 5 Bytes JMP 100180A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!PostThreadMessageA 77E2AD09 5 Bytes JMP 1001B8E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SendMessageA 77E2AD60 5 Bytes JMP 1001B3A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!PostMessageA 77E2B446 5 Bytes JMP 1001BE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SendNotifyMessageW 77E2C88A 5 Bytes JMP 1001A0C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SystemParametersInfoW 77E2E09A 7 Bytes JMP 1001C3D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SetWindowsHookExW 77E2E30C 1 Byte [E9] .text C:\Windows\system32\wininit.exe[780] USER32.dll!SetWindowsHookExW 77E2E30C 5 Bytes JMP 1001C810 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SendMessageTimeoutW 77E2E459 5 Bytes JMP 1001AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!PostThreadMessageW 77E2EEFC 5 Bytes JMP 1001B640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SetWinEventHook 77E324DC 5 Bytes JMP 1001C0C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!GetKeyState 77E32B4D 5 Bytes JMP 10019330 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SendMessageCallbackW 77E32F7B 5 Bytes JMP 1001A600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!PostMessageW 77E3447B 5 Bytes JMP 1001BB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SendMessageW 77E35539 5 Bytes JMP 1001B100 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!GetClipboardData 77E42BA7 5 Bytes JMP 100182D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SendNotifyMessageA 77E4493C 5 Bytes JMP 1001A360 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!mouse_event 77E46209 5 Bytes JMP 10029670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SetClipboardViewer 77E46FF6 5 Bytes JMP 100186E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SendDlgItemMessageW 77E470D8 5 Bytes JMP 10019B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SendDlgItemMessageA 77E47241 5 Bytes JMP 10019E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!GetKeyboardState 77E56946 5 Bytes JMP 100195E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!BlockInput 77E56A99 5 Bytes JMP 100184E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SetWindowsHookExA 77E56D0C 5 Bytes JMP 1001CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SendMessageTimeoutA 77E56DA9 5 Bytes JMP 1001AE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SendInput 77E57019 5 Bytes JMP 10019890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!ExitWindowsEx 77E706C7 5 Bytes JMP 10017BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!keybd_event 77E7EC3B 5 Bytes JMP 10029880 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] USER32.dll!SendMessageCallbackA 77E83E8B 5 Bytes JMP 1001A8C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] GDI32.dll!BitBlt 762F72C0 5 Bytes JMP 100293E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] GDI32.dll!MaskBlt 762FC7AD 5 Bytes JMP 10029130 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] GDI32.dll!StretchBlt 762FF467 5 Bytes JMP 10028C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] GDI32.dll!PlgBlt 76310F73 5 Bytes JMP 10028EA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[780] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 75EB1BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtReplyWaitReceivePort 77D06418 5 Bytes JMP 75EB1450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtReplyWaitReceivePortEx 77D06428 5 Bytes JMP 75EB17F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[832] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[832] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[832] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[832] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[832] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[832] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[832] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[832] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[832] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[832] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[832] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[832] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[840] services.exe 00861608 4 Bytes [80, E1, 01, 10] .text C:\Windows\system32\services.exe[840] services.exe 00861618 4 Bytes [60, DC, 01, 10] .text C:\Windows\system32\services.exe[840] services.exe 00861638 4 Bytes [A0, E4, 01, 10] .text C:\Windows\system32\services.exe[840] services.exe 00861648 4 Bytes [E0, DE, 01, 10] {LOOPNZ 0xffffffffffffffe0; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[840] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[840] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[840] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[840] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[840] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[840] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[840] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[840] RPCRT4.dll!RpcServerRegisterIfEx 761909BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[840] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[840] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[840] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[840] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[840] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[900] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[900] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[900] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[900] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[900] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[900] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[900] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[900] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[900] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[900] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[900] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[900] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[908] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[908] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[908] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[908] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[908] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[908] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[908] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[908] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[908] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[908] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[908] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[908] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[916] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[916] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[916] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[916] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[916] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[916] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[916] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[916] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[916] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[916] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[916] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[916] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[964] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[964] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[964] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[964] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[964] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[964] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[964] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1040] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1040] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1040] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1040] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1040] RPCRT4.dll!RpcServerRegisterIfEx 761909BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1040] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1040] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1040] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1040] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1116] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1116] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1116] RPCRT4.dll!RpcServerRegisterIfEx 761909BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1116] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1116] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1116] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1116] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1116] rpcss.dll!CoGetComCatalog 753E35EC 8 Bytes JMP ED501001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1160] ntdll.dll!NtAllocateVirtualMemory 77D052D8 5 Bytes JMP 00533F00 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1160] ntdll.dll!NtCreateFile 77D055C8 5 Bytes JMP 0054D9A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IEMonitor.exe[1220] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IEMonitor.exe[1220] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IEMonitor.exe[1220] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IEMonitor.exe[1220] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IEMonitor.exe[1220] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IEMonitor.exe[1220] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IEMonitor.exe[1220] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IEMonitor.exe[1220] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IEMonitor.exe[1220] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IEMonitor.exe[1220] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IEMonitor.exe[1220] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IEMonitor.exe[1220] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1244] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1244] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1244] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1244] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1244] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1244] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1284] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1284] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1284] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1284] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1284] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1284] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1284] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1284] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1284] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1284] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1284] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1284] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1312] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1312] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1312] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1312] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1312] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1312] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1312] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1312] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1312] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1312] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1312] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1312] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1356] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1356] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1356] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1356] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1356] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1356] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1356] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1356] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1356] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1356] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1356] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1356] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1412] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1412] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1412] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1412] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1412] RPCRT4.dll!RpcServerRegisterIfEx 761909BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1412] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1412] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1412] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1412] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1552] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1552] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1552] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1552] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1552] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1552] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1552] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1552] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1552] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1552] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1552] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1552] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1788] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1788] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1788] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1788] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1788] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1788] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1788] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1788] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1788] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1788] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1788] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1788] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1852] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1852] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1852] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1852] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1852] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1852] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1852] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1852] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1984] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1984] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1984] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1984] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1984] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1984] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1984] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1984] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1984] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1984] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1984] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1984] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[2008] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[2008] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[2008] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[2008] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[2008] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[2008] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[2008] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[2008] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[2008] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[2008] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[2008] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[2008] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[2488] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[2488] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[2488] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[2488] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[2488] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[2488] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[2488] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[2488] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[2488] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[2488] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[2488] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[2488] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2576] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2576] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2576] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2576] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2576] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2576] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2576] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2576] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2576] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2576] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2576] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2576] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2604] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[2652] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[2652] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[2652] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[2652] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[2652] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[2652] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[2652] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[2652] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[2652] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[2652] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[2652] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[2652] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2676] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2676] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2676] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2676] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2676] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2676] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2676] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2676] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2676] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2676] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2676] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2676] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\mqy2xdf8.exe[2812] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\mqy2xdf8.exe[2812] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\mqy2xdf8.exe[2812] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\mqy2xdf8.exe[2812] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\mqy2xdf8.exe[2812] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\mqy2xdf8.exe[2812] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\mqy2xdf8.exe[2812] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\mqy2xdf8.exe[2812] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\mqy2xdf8.exe[2812] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\mqy2xdf8.exe[2812] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\mqy2xdf8.exe[2812] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\mqy2xdf8.exe[2812] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2864] ntdll.dll!NtAllocateVirtualMemory 77D052D8 5 Bytes JMP 0077FC60 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2872] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2872] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2872] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2872] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2872] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2872] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2872] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2872] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2872] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2872] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2872] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2872] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2884] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2884] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2884] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2884] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2884] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2884] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2884] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2884] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2884] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2884] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2884] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2884] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2896] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2896] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2896] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2896] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2896] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2896] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2896] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2896] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2896] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2896] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2896] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2896] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[2968] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[2968] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[2968] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[2968] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[2968] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[2968] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[2968] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[2968] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[2968] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[2968] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[2968] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[2968] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2992] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2992] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2992] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2992] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2992] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2992] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2992] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2992] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2992] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2992] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2992] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2992] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3048] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 0024B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3048] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 0023D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3048] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 0023D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3048] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 00247DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3048] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 00244F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3048] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 00245AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3048] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 00243A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3048] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 00248BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3048] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 00248990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3048] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 00249CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3048] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 00249BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3048] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 00244390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3060] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3060] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3060] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3060] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3060] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3060] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3060] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3060] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3060] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3060] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3060] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3060] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3128] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3128] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3128] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3128] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3128] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3128] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3128] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3128] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3128] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3128] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3128] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3128] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3156] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3156] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3156] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3156] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3156] KERNEL32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3156] KERNEL32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3156] KERNEL32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3156] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3156] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3156] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3156] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3156] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!NtAllocateVirtualMemory 77D052D8 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!NtCreateFile 77D055C8 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!NtCreateProcess 77D05698 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!NtCreateProcessEx 77D056A8 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!NtDeleteFile 77D05808 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!NtFreeVirtualMemory 77D059D8 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!NtLoadDriver 77D05B58 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!NtOpenFile 77D05CD8 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!NtProtectVirtualMemory 77D05F18 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!NtSetInformationProcess 77D06678 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!NtUnloadDriver 77D06958 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!NtWriteVirtualMemory 77D06A98 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!KiUserExceptionDispatcher 77D07008 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!RtlAllocateHeap 77D12DD6 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!LdrGetProcedureAddress 77D2228D 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!CopyFileW 76436AF7 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!CopyFileExW 7643B238 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!DeleteFileW 764416EF 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!VirtualProtect 76442BCD 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!DeleteFileA 76444382 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!LoadLibraryExA 76444466 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!LoadLibraryExW 76445079 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!MoveFileWithProgressW 76448D8C 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!MoveFileExW 76448DB0 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!GetProcAddress 7644CC94 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!GetModuleHandleW 7644CCAC 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!GetModuleHandleA 7644D8F3 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!LoadLibraryA 7644DC65 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!CreateFileW 7644E8A5 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!CreateFileA 7644EA61 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!LoadLibraryW 7644EF42 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!OpenFile 7645D54F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!MoveFileExA 76463F78 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!MoveFileWithProgressA 76463F98 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!CopyFileA 76466D5A 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!MoveFileW 76466ED6 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!MoveFileA 7648BF49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!CopyFileExA 7648CDA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!WinExec 7648EDB2 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] kernel32.dll!LoadModule 7648F29D 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] shell32.dll!ShellExecuteW 76703C71 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] shell32.dll!ShellExecuteExW 76711E46 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] shell32.dll!ShellExecuteEx 76936FDD 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] shell32.dll!ShellExecuteA 76937078 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] WS2_32.DLL!WSASocketW 77B73CD3 7 Bytes JMP 1002A8C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\The Bat!\thebat.exe[3180] WS2_32.DLL!WSASocketA 77B7C82A 5 Bytes JMP 1002A8E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3256] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3256] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3256] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3256] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3256] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3256] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3256] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3256] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3256] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3256] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3256] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3256] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IDMan.exe[3272] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IDMan.exe[3272] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IDMan.exe[3272] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IDMan.exe[3272] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IDMan.exe[3272] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IDMan.exe[3272] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IDMan.exe[3272] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IDMan.exe[3272] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IDMan.exe[3272] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IDMan.exe[3272] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IDMan.exe[3272] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Download Manager\IDMan.exe[3272] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 004EB520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 004DD080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 004DD1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 004E7DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 004E4F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 004E5AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 004E3A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] USER32.dll!RegisterMessagePumpHook + 2F1 77E28B9E 7 Bytes JMP 10053940 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] USER32.dll!PostMessageW + 43A 77E348B5 7 Bytes JMP 100537F0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] USER32.dll!SetDlgItemTextA + 25 77E4709F 7 Bytes JMP 10053920 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] USER32.dll!MessageBoxIndirectA + F5 77E7E95E 7 Bytes JMP 10053990 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] USER32.dll!MessageBoxIndirectW + 61 77E7E9C4 7 Bytes JMP 10053A60 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] USER32.dll!MessageBoxExA + 1F 77E7E9E8 7 Bytes JMP 10053A10 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 004E8BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 004E8990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 004E9CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 004E9BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3284] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 004E4390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Codebox\BitMeter\BitMeter2.exe[3340] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Codebox\BitMeter\BitMeter2.exe[3340] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Codebox\BitMeter\BitMeter2.exe[3340] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Codebox\BitMeter\BitMeter2.exe[3340] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Codebox\BitMeter\BitMeter2.exe[3340] KERNEL32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Codebox\BitMeter\BitMeter2.exe[3340] KERNEL32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Codebox\BitMeter\BitMeter2.exe[3340] KERNEL32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Codebox\BitMeter\BitMeter2.exe[3340] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Codebox\BitMeter\BitMeter2.exe[3340] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Codebox\BitMeter\BitMeter2.exe[3340] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Codebox\BitMeter\BitMeter2.exe[3340] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Codebox\BitMeter\BitMeter2.exe[3340] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3516] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 0024B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3516] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 0023D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3516] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 0023D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3516] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 00247DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3516] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 00244F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3516] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 00245AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3516] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 00243A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3516] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 00248BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3516] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 00248990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3516] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 00249CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3516] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 00249BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3516] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 00244390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3608] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3608] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3608] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3608] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3608] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3608] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3608] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3608] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3608] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3608] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3608] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3608] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3620] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3620] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3620] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3620] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3620] KERNEL32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3620] KERNEL32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3620] KERNEL32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3620] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3620] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3620] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3620] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3620] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3768] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3768] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3768] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3768] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3768] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3768] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3768] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3768] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3768] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3768] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3768] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3768] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3920] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3920] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3920] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3920] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3920] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3920] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3920] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3920] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3920] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3920] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3920] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3920] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4008] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4008] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4008] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4008] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4008] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4008] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4008] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4008] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4008] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4008] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4008] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4008] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[4572] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[4572] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[4572] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[4572] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[4572] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[4572] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[4572] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[4572] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[4572] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[4572] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[4572] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\notepad.exe[4572] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtAllocateVirtualMemory 77D052D8 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtCreateFile 77D055C8 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtCreateFile + 6 77D055CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtCreateFile + B 77D055D3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtCreateProcess 77D05698 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtCreateProcessEx 77D056A8 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtDeleteFile 77D05808 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtFreeVirtualMemory 77D059D8 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtLoadDriver 77D05B58 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 1 Byte [28] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtMapViewOfSection + B 77D05C33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtOpenFile 77D05CD8 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtOpenFile + 6 77D05CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtOpenFile + B 77D05CE3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtOpenProcess + 6 77D05D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtOpenProcess + B 77D05D93 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtOpenProcessToken + 6 77D05D9E 4 Bytes CALL 76D064A4 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtOpenProcessToken + B 77D05DA3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtOpenProcessTokenEx + 6 77D05DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtOpenProcessTokenEx + B 77D05DB3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtOpenThread + 6 77D05E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtOpenThread + B 77D05E13 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtOpenThreadToken + 6 77D05E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtOpenThreadToken + B 77D05E23 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtOpenThreadTokenEx + 6 77D05E2E 4 Bytes CALL 76D06535 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtOpenThreadTokenEx + B 77D05E33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtProtectVirtualMemory 77D05F18 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtQueryAttributesFile + 6 77D05F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtQueryAttributesFile + B 77D05F43 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtQueryFullAttributesFile + 6 77D05FEE 4 Bytes CALL 76D066F3 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtQueryFullAttributesFile + B 77D05FF3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtSetInformationFile + 6 77D0663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtSetInformationFile + B 77D06643 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtSetInformationProcess 77D06678 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtSetInformationThread + 6 77D0669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtSetInformationThread + B 77D066A3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtUnloadDriver 77D06958 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 1 Byte [68] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtUnmapViewOfSection + B 77D069C3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!NtWriteVirtualMemory 77D06A98 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!KiUserExceptionDispatcher 77D07008 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!RtlAllocateHeap 77D12DD6 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!LdrGetProcedureAddress 77D2228D 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!CopyFileW 76436AF7 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!CopyFileExW 7643B238 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!DeleteFileW 764416EF 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!VirtualProtect 76442BCD 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!DeleteFileA 76444382 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!LoadLibraryExA 76444466 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!LoadLibraryExW 76445079 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!MoveFileWithProgressW 76448D8C 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!MoveFileExW 76448DB0 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!GetProcAddress 7644CC94 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!GetModuleHandleW 7644CCAC 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!GetModuleHandleA 7644D8F3 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!LoadLibraryA 7644DC65 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!CreateFileW 7644E8A5 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!CreateFileA 7644EA61 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!LoadLibraryW 7644EF42 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!OpenFile 7645D54F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!MoveFileExA 76463F78 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!MoveFileWithProgressA 76463F98 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!CopyFileA 76466D5A 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!MoveFileW 76466ED6 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!MoveFileA 7648BF49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!CopyFileExA 7648CDA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!WinExec 7648EDB2 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] kernel32.dll!LoadModule 7648F29D 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] SHELL32.dll!ShellExecuteW 76703C71 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] SHELL32.dll!ShellExecuteExW 76711E46 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] SHELL32.dll!ShellExecuteEx 76936FDD 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4632] SHELL32.dll!ShellExecuteA 76937078 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[4840] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[4840] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[4840] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[4840] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[4840] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[4840] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[4840] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[4840] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[4840] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[4840] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[4840] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[4840] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\OTL.exe[4928] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\OTL.exe[4928] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\OTL.exe[4928] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\OTL.exe[4928] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\OTL.exe[4928] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\OTL.exe[4928] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\OTL.exe[4928] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\OTL.exe[4928] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\OTL.exe[4928] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\OTL.exe[4928] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\OTL.exe[4928] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\Downloads\OTL.exe[4928] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!NtAllocateVirtualMemory 77D052D8 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!NtCreateFile 77D055C8 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!NtCreateProcess 77D05698 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!NtCreateProcessEx 77D056A8 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!NtDeleteFile 77D05808 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!NtFreeVirtualMemory 77D059D8 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!NtLoadDriver 77D05B58 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!NtOpenFile 77D05CD8 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!NtProtectVirtualMemory 77D05F18 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!NtSetInformationProcess 77D06678 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!NtUnloadDriver 77D06958 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!NtWriteVirtualMemory 77D06A98 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!KiUserExceptionDispatcher 77D07008 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!RtlAllocateHeap 77D12DD6 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!LdrGetProcedureAddress 77D2228D 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!CopyFileW 76436AF7 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!CopyFileExW 7643B238 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!DeleteFileW 764416EF 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!VirtualProtect 76442BCD 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!DeleteFileA 76444382 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!LoadLibraryExA 76444466 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!LoadLibraryExW 76445079 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!MoveFileWithProgressW 76448D8C 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!MoveFileExW 76448DB0 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!GetProcAddress 7644CC94 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!GetModuleHandleW 7644CCAC 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!GetModuleHandleA 7644D8F3 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!LoadLibraryA 7644DC65 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!CreateFileW 7644E8A5 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!CreateFileA 7644EA61 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!LoadLibraryW 7644EF42 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!OpenFile 7645D54F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!MoveFileExA 76463F78 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!MoveFileWithProgressA 76463F98 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!CopyFileA 76466D5A 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!MoveFileW 76466ED6 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!MoveFileA 7648BF49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!CopyFileExA 7648CDA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!WinExec 7648EDB2 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] kernel32.dll!LoadModule 7648F29D 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] SHELL32.dll!ShellExecuteW 76703C71 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] SHELL32.dll!ShellExecuteExW 76711E46 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] SHELL32.dll!ShellExecuteEx 76936FDD 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5048] SHELL32.dll!ShellExecuteA 76937078 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtAllocateVirtualMemory 77D052D8 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtCreateFile 77D055C8 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtCreateFile + 6 77D055CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtCreateFile + B 77D055D3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtCreateProcess 77D05698 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtCreateProcessEx 77D056A8 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtDeleteFile 77D05808 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtFreeVirtualMemory 77D059D8 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtLoadDriver 77D05B58 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 1 Byte [28] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtMapViewOfSection + B 77D05C33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtOpenFile 77D05CD8 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtOpenFile + 6 77D05CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtOpenFile + B 77D05CE3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtOpenProcess + 6 77D05D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtOpenProcess + B 77D05D93 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtOpenProcessToken + 6 77D05D9E 4 Bytes CALL 76D064A4 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtOpenProcessToken + B 77D05DA3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtOpenProcessTokenEx + 6 77D05DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtOpenProcessTokenEx + B 77D05DB3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtOpenThread + 6 77D05E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtOpenThread + B 77D05E13 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtOpenThreadToken + 6 77D05E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtOpenThreadToken + B 77D05E23 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtOpenThreadTokenEx + 6 77D05E2E 4 Bytes CALL 76D06535 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtOpenThreadTokenEx + B 77D05E33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtProtectVirtualMemory 77D05F18 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtQueryAttributesFile + 6 77D05F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtQueryAttributesFile + B 77D05F43 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtQueryFullAttributesFile + 6 77D05FEE 4 Bytes CALL 76D066F3 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtQueryFullAttributesFile + B 77D05FF3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtSetInformationFile + 6 77D0663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtSetInformationFile + B 77D06643 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtSetInformationProcess 77D06678 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtSetInformationThread + 6 77D0669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtSetInformationThread + B 77D066A3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtUnloadDriver 77D06958 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 1 Byte [68] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtUnmapViewOfSection + B 77D069C3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!NtWriteVirtualMemory 77D06A98 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!KiUserExceptionDispatcher 77D07008 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!RtlAllocateHeap 77D12DD6 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!LdrGetProcedureAddress 77D2228D 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!CopyFileW 76436AF7 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!CopyFileExW 7643B238 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!DeleteFileW 764416EF 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!VirtualProtect 76442BCD 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!DeleteFileA 76444382 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!LoadLibraryExA 76444466 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!LoadLibraryExW 76445079 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!MoveFileWithProgressW 76448D8C 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!MoveFileExW 76448DB0 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!GetProcAddress 7644CC94 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!GetModuleHandleW 7644CCAC 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!GetModuleHandleA 7644D8F3 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!LoadLibraryA 7644DC65 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!CreateFileW 7644E8A5 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!CreateFileA 7644EA61 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!LoadLibraryW 7644EF42 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!OpenFile 7645D54F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!MoveFileExA 76463F78 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!MoveFileWithProgressA 76463F98 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!CopyFileA 76466D5A 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!MoveFileW 76466ED6 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!MoveFileA 7648BF49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!CopyFileExA 7648CDA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!WinExec 7648EDB2 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] kernel32.dll!LoadModule 7648F29D 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] SHELL32.dll!ShellExecuteW 76703C71 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] SHELL32.dll!ShellExecuteExW 76711E46 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] SHELL32.dll!ShellExecuteEx 76936FDD 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5180] SHELL32.dll!ShellExecuteA 76937078 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtAllocateVirtualMemory 77D052D8 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtCreateFile 77D055C8 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtCreateFile + 6 77D055CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtCreateFile + B 77D055D3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtCreateProcess 77D05698 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtCreateProcessEx 77D056A8 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtDeleteFile 77D05808 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtFreeVirtualMemory 77D059D8 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtLoadDriver 77D05B58 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 1 Byte [28] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtMapViewOfSection + B 77D05C33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtOpenFile 77D05CD8 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtOpenFile + 6 77D05CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtOpenFile + B 77D05CE3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtOpenProcess + 6 77D05D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtOpenProcess + B 77D05D93 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtOpenProcessToken + 6 77D05D9E 4 Bytes CALL 76D064A4 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtOpenProcessToken + B 77D05DA3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtOpenProcessTokenEx + 6 77D05DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtOpenProcessTokenEx + B 77D05DB3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtOpenThread + 6 77D05E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtOpenThread + B 77D05E13 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtOpenThreadToken + 6 77D05E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtOpenThreadToken + B 77D05E23 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtOpenThreadTokenEx + 6 77D05E2E 4 Bytes CALL 76D06535 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtOpenThreadTokenEx + B 77D05E33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtProtectVirtualMemory 77D05F18 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtQueryAttributesFile + 6 77D05F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtQueryAttributesFile + B 77D05F43 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtQueryFullAttributesFile + 6 77D05FEE 4 Bytes CALL 76D066F3 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtQueryFullAttributesFile + B 77D05FF3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtSetInformationFile + 6 77D0663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtSetInformationFile + B 77D06643 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtSetInformationProcess 77D06678 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtSetInformationThread + 6 77D0669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtSetInformationThread + B 77D066A3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtUnloadDriver 77D06958 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 1 Byte [68] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtUnmapViewOfSection + B 77D069C3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!NtWriteVirtualMemory 77D06A98 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!KiUserExceptionDispatcher 77D07008 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!RtlAllocateHeap 77D12DD6 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!LdrGetProcedureAddress 77D2228D 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!CopyFileW 76436AF7 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!CopyFileExW 7643B238 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!DeleteFileW 764416EF 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!VirtualProtect 76442BCD 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!DeleteFileA 76444382 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!LoadLibraryExA 76444466 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!LoadLibraryExW 76445079 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!MoveFileWithProgressW 76448D8C 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!MoveFileExW 76448DB0 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!GetProcAddress 7644CC94 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!GetModuleHandleW 7644CCAC 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!GetModuleHandleA 7644D8F3 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!LoadLibraryA 7644DC65 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!CreateFileW 7644E8A5 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!CreateFileA 7644EA61 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!LoadLibraryW 7644EF42 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!OpenFile 7645D54F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!MoveFileExA 76463F78 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!MoveFileWithProgressA 76463F98 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!CopyFileA 76466D5A 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!MoveFileW 76466ED6 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!MoveFileA 7648BF49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!CopyFileExA 7648CDA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!WinExec 7648EDB2 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] kernel32.dll!LoadModule 7648F29D 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] SHELL32.dll!ShellExecuteW 76703C71 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] SHELL32.dll!ShellExecuteExW 76711E46 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] SHELL32.dll!ShellExecuteEx 76936FDD 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5316] SHELL32.dll!ShellExecuteA 76937078 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtAllocateVirtualMemory 77D052D8 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtCreateFile 77D055C8 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtCreateFile + 6 77D055CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtCreateFile + B 77D055D3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtCreateProcess 77D05698 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtCreateProcessEx 77D056A8 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtDeleteFile 77D05808 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtFreeVirtualMemory 77D059D8 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtLoadDriver 77D05B58 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 1 Byte [28] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtMapViewOfSection + B 77D05C33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtOpenFile 77D05CD8 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtOpenFile + 6 77D05CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtOpenFile + B 77D05CE3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtOpenProcess + 6 77D05D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtOpenProcess + B 77D05D93 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtOpenProcessToken + 6 77D05D9E 4 Bytes CALL 76D064A4 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtOpenProcessToken + B 77D05DA3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtOpenProcessTokenEx + 6 77D05DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtOpenProcessTokenEx + B 77D05DB3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtOpenThread + 6 77D05E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtOpenThread + B 77D05E13 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtOpenThreadToken + 6 77D05E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtOpenThreadToken + B 77D05E23 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtOpenThreadTokenEx + 6 77D05E2E 4 Bytes CALL 76D06535 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtOpenThreadTokenEx + B 77D05E33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtProtectVirtualMemory 77D05F18 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtQueryAttributesFile + 6 77D05F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtQueryAttributesFile + B 77D05F43 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtQueryFullAttributesFile + 6 77D05FEE 4 Bytes CALL 76D066F3 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtQueryFullAttributesFile + B 77D05FF3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtSetInformationFile + 6 77D0663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtSetInformationFile + B 77D06643 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtSetInformationProcess 77D06678 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtSetInformationThread + 6 77D0669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtSetInformationThread + B 77D066A3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtUnloadDriver 77D06958 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 1 Byte [68] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtUnmapViewOfSection + B 77D069C3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!NtWriteVirtualMemory 77D06A98 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!KiUserExceptionDispatcher 77D07008 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!RtlAllocateHeap 77D12DD6 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!LdrGetProcedureAddress 77D2228D 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!CopyFileW 76436AF7 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!CopyFileExW 7643B238 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!DeleteFileW 764416EF 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!VirtualProtect 76442BCD 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!DeleteFileA 76444382 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!LoadLibraryExA 76444466 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!LoadLibraryExW 76445079 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!MoveFileWithProgressW 76448D8C 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!MoveFileExW 76448DB0 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!GetProcAddress 7644CC94 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!GetModuleHandleW 7644CCAC 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!GetModuleHandleA 7644D8F3 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!LoadLibraryA 7644DC65 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!CreateFileW 7644E8A5 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!CreateFileA 7644EA61 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!LoadLibraryW 7644EF42 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!OpenFile 7645D54F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!MoveFileExA 76463F78 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!MoveFileWithProgressA 76463F98 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!CopyFileA 76466D5A 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!MoveFileW 76466ED6 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!MoveFileA 7648BF49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!CopyFileExA 7648CDA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!WinExec 7648EDB2 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] kernel32.dll!LoadModule 7648F29D 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] SHELL32.dll!ShellExecuteW 76703C71 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] SHELL32.dll!ShellExecuteExW 76711E46 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] SHELL32.dll!ShellExecuteEx 76936FDD 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5324] SHELL32.dll!ShellExecuteA 76937078 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtAllocateVirtualMemory 77D052D8 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtCreateFile 77D055C8 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtCreateFile + 6 77D055CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtCreateFile + B 77D055D3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtCreateProcess 77D05698 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtCreateProcessEx 77D056A8 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtDeleteFile 77D05808 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtFreeVirtualMemory 77D059D8 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtLoadDriver 77D05B58 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 1 Byte [28] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtMapViewOfSection + B 77D05C33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtOpenFile 77D05CD8 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtOpenFile + 6 77D05CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtOpenFile + B 77D05CE3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtOpenProcess + 6 77D05D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtOpenProcess + B 77D05D93 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtOpenProcessToken + 6 77D05D9E 4 Bytes CALL 76D064A4 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtOpenProcessToken + B 77D05DA3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtOpenProcessTokenEx + 6 77D05DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtOpenProcessTokenEx + B 77D05DB3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtOpenThread + 6 77D05E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtOpenThread + B 77D05E13 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtOpenThreadToken + 6 77D05E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtOpenThreadToken + B 77D05E23 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtOpenThreadTokenEx + 6 77D05E2E 4 Bytes CALL 76D06535 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtOpenThreadTokenEx + B 77D05E33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtProtectVirtualMemory 77D05F18 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtQueryAttributesFile + 6 77D05F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtQueryAttributesFile + B 77D05F43 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtQueryFullAttributesFile + 6 77D05FEE 4 Bytes CALL 76D066F3 C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtQueryFullAttributesFile + B 77D05FF3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtSetInformationFile + 6 77D0663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtSetInformationFile + B 77D06643 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtSetInformationProcess 77D06678 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtSetInformationThread + 6 77D0669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtSetInformationThread + B 77D066A3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtUnloadDriver 77D06958 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 1 Byte [68] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtUnmapViewOfSection + B 77D069C3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!NtWriteVirtualMemory 77D06A98 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!KiUserExceptionDispatcher 77D07008 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!RtlAllocateHeap 77D12DD6 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!LdrGetProcedureAddress 77D2228D 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!CopyFileW 76436AF7 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!CopyFileExW 7643B238 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!DeleteFileW 764416EF 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!VirtualProtect 76442BCD 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!DeleteFileA 76444382 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!LoadLibraryExA 76444466 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!LoadLibraryExW 76445079 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!MoveFileWithProgressW 76448D8C 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!MoveFileExW 76448DB0 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!GetProcAddress 7644CC94 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!GetModuleHandleW 7644CCAC 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!GetModuleHandleA 7644D8F3 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!LoadLibraryA 7644DC65 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!CreateFileW 7644E8A5 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!CreateFileA 7644EA61 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!LoadLibraryW 7644EF42 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!OpenFile 7645D54F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!MoveFileExA 76463F78 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!MoveFileWithProgressA 76463F98 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!CopyFileA 76466D5A 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!MoveFileW 76466ED6 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!MoveFileA 7648BF49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!CopyFileExA 7648CDA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!WinExec 7648EDB2 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] kernel32.dll!LoadModule 7648F29D 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] SHELL32.dll!ShellExecuteW 76703C71 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] SHELL32.dll!ShellExecuteExW 76711E46 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] SHELL32.dll!ShellExecuteEx 76936FDD 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[5340] SHELL32.dll!ShellExecuteA 76937078 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[6104] ntdll.dll!NtAlpcSendWaitReceivePort 77D05418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[6104] ntdll.dll!NtClose 77D054C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[6104] ntdll.dll!LdrUnloadDll 77D1C8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[6104] ntdll.dll!LdrLoadDll 77D222B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[6104] kernel32.dll!CreateProcessW 7640204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[6104] kernel32.dll!CreateProcessA 76402082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[6104] kernel32.dll!CreateProcessAsUserW 764359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[6104] GDI32.dll!DeleteDC 762F6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[6104] GDI32.dll!GetPixel 762FC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[6104] GDI32.dll!CreateDCA 762FCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[6104] GDI32.dll!CreateDCW 762FCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[6104] ADVAPI32.dll!CreateProcessAsUserA 777C2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [898B6730] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [898B6F12] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [898B7232] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [898B70F0] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [898B6914] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ---- Devices - GMER 1.0.15 ---- Device 85A621E8 Device Ntfs.sys (Sterownik systemu plik闚 NT/Microsoft Corporation) AttachedDevice tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis) Device \Driver\usbuhci \Device\USBPDO-0 870DF1E8 Device \Driver\usbuhci \Device\USBPDO-1 870DF1E8 Device \Driver\usbehci \Device\USBPDO-2 870F31E8 Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\usbuhci \Device\USBPDO-3 870DF1E8 Device \Driver\usbuhci \Device\USBPDO-4 870DF1E8 Device \Driver\usbuhci \Device\USBPDO-5 870DF1E8 Device \Driver\usbehci \Device\USBPDO-6 870F31E8 Device volmgr.sys (Volume Manager Driver/Microsoft Corporation) AttachedDevice fltmgr.sys (Mened瞠r filtr闚 systemu plik闚 firmy Microsoft/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 86A3A1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85A5F1E8 Device \Driver\atapi \Device\Ide\IdePort0 85A5F1E8 Device \Driver\atapi \Device\Ide\IdePort1 85A5F1E8 Device \Driver\msahci \Device\Ide\PciIde1Channel0 85A601E8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 85A5F1E8 Device \Driver\usbuhci \Device\USBFDO-0 870DF1E8 Device \Driver\usbuhci \Device\USBFDO-1 870DF1E8 Device \Driver\usbehci \Device\USBFDO-2 870F31E8 Device \Driver\usbuhci \Device\USBFDO-3 870DF1E8 Device \Driver\usbuhci \Device\USBFDO-4 870DF1E8 Device \Driver\usbuhci \Device\USBFDO-5 870DF1E8 Device \Driver\usbehci \Device\USBFDO-6 870F31E8 ---- Files - GMER 1.0.15 ---- File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Patcher_2.4.exe1.info 102 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\13FA59D1-C560-4BF9-9900-23A3DB618E37.data.info 146 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\79B776DA-1536-4826-92BD-113A9E83FBE4.data 456856 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\79B776DA-1536-4826-92BD-113A9E83FBE4.data.info 214 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NEW8984.tmp.exe.info 168 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Patcher_2.4.exe 765318 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Patcher_2.4.exe.info 140 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Patcher_2.4.exe.part 765318 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Patcher_2.4.exe.part.info 112 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Patcher_2.4.exe1 765318 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Patcher_2.4.exe2 765318 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Patcher_2.4.exe2.info 102 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Patcher_2.4.exe3 765318 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Patcher_2.4.exe3.info 88 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Patcher_2.4.exe5 765318 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Patcher_2.4.exe5.info 136 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\rlls.dll.info 172 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes File C:\Windows\$NtUninstallKB43816$\1402539585 0 bytes File C:\Windows\$NtUninstallKB43816$\460697693 0 bytes File C:\Windows\$NtUninstallKB43816$\460697693\@ 2048 bytes File C:\Windows\$NtUninstallKB43816$\460697693\cfg.ini 204 bytes File C:\Windows\$NtUninstallKB43816$\460697693\Desktop.ini 4608 bytes File C:\Windows\$NtUninstallKB43816$\460697693\L 0 bytes File C:\Windows\$NtUninstallKB43816$\460697693\L\xadqgnnk 74752 bytes File C:\Windows\$NtUninstallKB43816$\460697693\oemid 244 bytes File C:\Windows\$NtUninstallKB43816$\460697693\twl.dll 223744 bytes File C:\Windows\$NtUninstallKB43816$\460697693\U 0 bytes File C:\Windows\$NtUninstallKB43816$\460697693\U\00000001.@ 2048 bytes File C:\Windows\$NtUninstallKB43816$\460697693\U\00000002.@ 224768 bytes File C:\Windows\$NtUninstallKB43816$\460697693\U\00000004.@ 1024 bytes File C:\Windows\$NtUninstallKB43816$\460697693\U\80000000.@ 66560 bytes File C:\Windows\$NtUninstallKB43816$\460697693\U\80000004.@ 1024 bytes File C:\Windows\$NtUninstallKB43816$\460697693\U\80000032.@ 115712 bytes File C:\Windows\$NtUninstallKB43816$\460697693\version 1275 bytes ---- EOF - GMER 1.0.15 ----