GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-11-22 07:08:41 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.02.0 Running: gmer.exe; Driver: C:\Users\KRZYSIO\AppData\Local\Temp\kxtiafob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x91B6FFB0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x91B7019C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x91B6F310] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x91B6FC16] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x91B6F9CA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x91B70D14] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0x924047F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0x924048B0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x91B6F5D8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x91B6FDF2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x91B6F872] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0x92404870] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x91B6F542] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0x92404830] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x91B6F112] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x91B6EF00] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x91B703CA] INT 0x52 ? 885A5F00 INT 0x72 ? 885A5F00 INT 0x82 ? 885A5F00 INT 0x92 ? 885A5F00 INT 0xA2 ? 885A5F00 INT 0xB2 ? 85D73CB8 INT 0xB3 ? 885A5F00 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 119 828B67DC 4 Bytes [B0, FF, B6, 91] {MOV AL, 0xff; MOV DH, 0x91} .text ntkrnlpa.exe!KeSetEvent + 13D 828B6800 4 Bytes [9C, 01, B7, 91] .text ntkrnlpa.exe!KeSetEvent + 1C1 828B6884 4 Bytes [10, F3, B6, 91] {ADC BL, DH; MOV DH, 0x91} .text ntkrnlpa.exe!KeSetEvent + 1D9 828B689C 4 Bytes [16, FC, B6, 91] {PUSH SS; CLD ; MOV DH, 0x91} .text ntkrnlpa.exe!KeSetEvent + 215 828B68D8 4 Bytes [CA, F9, B6, 91] {RETF 0xb6f9; XCHG ECX, EAX} .text ... .text sptd.sys 82E89000 32 Bytes [EC, B5, BC, 82, 60, 7F, BC, ...] .text sptd.sys 82E89024 4 Bytes [D2, 53, FB, 82] .text sptd.sys 82E8902C 196 Bytes [73, AD, 96, 82, 18, F5, 84, ...] .text sptd.sys 82E890F1 7 Bytes [FC, 84, 82, F0, F7, 84, 82] {CLD ; TEST [EDX-0x7d7b0810], AL} .text sptd.sys 82E890F9 203 Bytes [93, 82, 82, 0B, D1, 81, 82, ...] .text ... .sptd2 C:\windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x82F630AD] ? C:\windows\System32\Drivers\sptd.sys Proces nie moze uzyskac dostepu do pliku, poniewaz jest on uzywany przez inny proces. ? C:\windows\System32\Drivers\SafeBoot.sys Proces nie moze uzyskac dostepu do pliku, poniewaz jest on uzywany przez inny proces. .text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90401000, 0x24DCF4, 0xE8000020] .text USBPORT.SYS!DllUnload 909E141B 5 Bytes JMP 885A5410 ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00B17F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 00B0D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 00B1B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtClose 776E4184 5 Bytes JMP 00B0D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtCreateFile + 6 776E424A 4 Bytes [28, 94, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtCreateFile + B 776E424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtMapViewOfSection + 6 776E499A 4 Bytes [28, 97, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtMapViewOfSection + B 776E499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenFile + 6 776E4A2A 4 Bytes [68, 94, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenFile + B 776E4A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenProcess + 6 776E4AAA 4 Bytes [A8, 95, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenProcess + B 776E4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenProcessToken + B 776E4ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenProcessTokenEx + 6 776E4ACA 4 Bytes [A8, 96, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenProcessTokenEx + B 776E4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenThread + 6 776E4B1A 4 Bytes [68, 95, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenThread + B 776E4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenThreadToken + 6 776E4B2A 4 Bytes [68, 96, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenThreadToken + B 776E4B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtOpenThreadTokenEx + B 776E4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtQueryAttributesFile + 6 776E4BCA 4 Bytes [A8, 94, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtQueryAttributesFile + B 776E4BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtQueryFullAttributesFile + B 776E4C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtSetInformationFile + 6 776E515A 4 Bytes [28, 95, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtSetInformationFile + B 776E515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtSetInformationThread + 6 776E51AA 4 Bytes [28, 96, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtSetInformationThread + B 776E51AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtUnmapViewOfSection + 6 776E544A 4 Bytes [68, 97, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ntdll.dll!NtUnmapViewOfSection + B 776E544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00B15070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00B15C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00B18D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00B19D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00B19E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00B18AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 00B144D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[336] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00B13BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[592] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 002A7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[592] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0029D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[592] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 002AB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[592] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0029D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[592] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 002A5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[592] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 002A5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[592] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 002A44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[592] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 002A3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[592] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 002A8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[592] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 002A9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[592] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 002A9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[592] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 002A8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[792] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[792] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[792] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[792] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[792] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[792] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[792] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[792] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[792] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[792] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[792] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[792] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\csrss.exe[840] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 75C51BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\csrss.exe[840] ntdll.dll!NtReplyWaitReceivePort 776E4F74 5 Bytes JMP 75C51450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\csrss.exe[840] ntdll.dll!NtReplyWaitReceivePortEx 776E4F84 5 Bytes JMP 75C517F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[852] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[852] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[852] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[852] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[852] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[852] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[852] RPCRT4.dll!RpcServerRegisterIfEx 7665929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[852] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[852] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[852] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[852] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\csrss.exe[908] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 75C51BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\csrss.exe[908] ntdll.dll!NtReplyWaitReceivePort 776E4F74 5 Bytes JMP 75C51450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\csrss.exe[908] ntdll.dll!NtReplyWaitReceivePortEx 776E4F84 5 Bytes JMP 75C517F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00797F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0078D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0079B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0078D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00795070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00795C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 007944D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00793BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!RegisterRawInputDevices 76296161 5 Bytes JMP 00788F00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SetWindowsHookExA 76296322 5 Bytes JMP 0078CB20 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SystemParametersInfoA 762982E1 7 Bytes JMP 0078C690 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!GetAsyncKeyState 7629863C 5 Bytes JMP 00789120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SetWindowsHookExW 762987AD 5 Bytes JMP 0078C8B0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SendNotifyMessageW 762993D6 5 Bytes JMP 0078A160 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!MoveWindow 7629989F 5 Bytes JMP 00788C20 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SetWinEventHook 76299F3A 5 Bytes JMP 0078C160 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SetParent 7629A2AA 5 Bytes JMP 00788980 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!PostThreadMessageA 7629BD34 5 Bytes JMP 0078B980 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!GetKeyboardState 7629BD7D 5 Bytes JMP 00789680 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!RegisterHotKey 7629BDA5 5 Bytes JMP 00788140 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!EnableWindow 7629CD8B 5 Bytes JMP 00787EA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!PostMessageA 7629F8F8 5 Bytes JMP 0078BEC0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SendMessageA 7629F956 5 Bytes JMP 0078B440 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SendMessageTimeoutW 762A352D 5 Bytes JMP 0078AC20 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SendMessageCallbackW 762A4570 5 Bytes JMP 0078A6A0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!PostThreadMessageW 762A7C8E 5 Bytes JMP 0078B6E0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!GetKeyState 762A8CB1 5 Bytes JMP 007893D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!PostMessageW 762AA175 5 Bytes JMP 0078BC20 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SendMessageW 762B0AED 5 Bytes JMP 0078B1A0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SystemParametersInfoW 762B11D8 7 Bytes JMP 0078C470 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SendDlgItemMessageA 762B275B 5 Bytes JMP 00789EB0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SetClipboardViewer 762BBA2D 5 Bytes JMP 00788780 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SendNotifyMessageA 762BDFCF 5 Bytes JMP 0078A400 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!BlockInput 762BFF0A 5 Bytes JMP 00788580 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SendMessageTimeoutA 762C0006 5 Bytes JMP 0078AEE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!mouse_event 762C044E 5 Bytes JMP 007997C0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SendDlgItemMessageW 762C0E38 5 Bytes JMP 00789C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SendInput 762C2F75 5 Bytes JMP 00789930 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!GetClipboardData 762D715A 5 Bytes JMP 00788370 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!ExitWindowsEx 762DB7C3 5 Bytes JMP 00787C90 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!keybd_event 762ED972 5 Bytes JMP 007999D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] USER32.dll!SendMessageCallbackA 762F2CA7 5 Bytes JMP 0078A960 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00798D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] GDI32.dll!BitBlt 761970A6 5 Bytes JMP 00799530 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] GDI32.dll!StretchBlt 761993D6 5 Bytes JMP 00798D50 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00799D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00799E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00798AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] GDI32.dll!MaskBlt 7619C5CB 5 Bytes JMP 00799280 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[916] GDI32.dll!PlgBlt 761AEB50 5 Bytes JMP 00798FF0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[956] services.exe 00451628 3 Bytes [20, E2, 36] .text C:\windows\system32\services.exe[956] services.exe 00451638 3 Bytes [00, DD, 36] .text C:\windows\system32\services.exe[956] services.exe 00451658 3 Bytes [40, E5, 36] {INC EAX; IN EAX, 0x36} .text C:\windows\system32\services.exe[956] services.exe 00451668 3 Bytes [80, DF, 36] {SBB BH, 0x36} .text C:\windows\system32\services.exe[956] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00377F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[956] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0036D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[956] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0037B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[956] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0036D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[956] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00375070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[956] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00375C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[956] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 003744D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[956] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00373BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[956] RPCRT4.dll!RpcServerRegisterIfEx 7665929C 5 Bytes JMP 0036F870 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[956] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00378D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[956] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00379D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[956] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00379E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[956] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00378AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[968] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00227F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[968] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0021D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[968] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0022B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[968] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0021D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[968] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00225070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[968] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00225C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[968] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 002244D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[968] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00223BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[968] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00228D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[968] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00229D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[968] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00229E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[968] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00228AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[976] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[976] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[976] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[976] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[976] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[976] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[976] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[976] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[976] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[976] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[976] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[976] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1172] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1172] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1172] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1172] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1172] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1172] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1172] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1172] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1172] RPCRT4.dll!RpcServerRegisterIfEx 7665929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1172] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1172] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1172] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1172] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1216] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1216] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1216] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1216] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1216] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1216] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1216] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1216] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1216] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1216] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1216] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1216] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Fingerprint Sensor\AtService.exe[1248] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 009E7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Fingerprint Sensor\AtService.exe[1248] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 009DD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Fingerprint Sensor\AtService.exe[1248] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 009EB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Fingerprint Sensor\AtService.exe[1248] ntdll.dll!NtClose 776E4184 5 Bytes JMP 009DD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Fingerprint Sensor\AtService.exe[1248] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 009E5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Fingerprint Sensor\AtService.exe[1248] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 009E5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Fingerprint Sensor\AtService.exe[1248] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 009E8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Fingerprint Sensor\AtService.exe[1248] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 009E9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Fingerprint Sensor\AtService.exe[1248] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 009E9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Fingerprint Sensor\AtService.exe[1248] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 009E8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Fingerprint Sensor\AtService.exe[1248] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 009E44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Fingerprint Sensor\AtService.exe[1248] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 009E3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[1264] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 008F7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[1264] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 008ED240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[1264] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 008FB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[1264] ntdll.dll!NtClose 776E4184 5 Bytes JMP 008ED120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[1264] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 008F5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[1264] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 008F5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[1264] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 008F44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[1264] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 008F3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[1264] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 008F8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[1264] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 008F9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[1264] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 008F9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[1264] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 008F8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[1296] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00257F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[1296] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0024D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[1296] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0025B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[1296] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0024D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[1296] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00255070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[1296] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00255C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[1296] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 002544D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[1296] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00253BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[1296] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00258D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[1296] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00259D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[1296] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00259E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[1296] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00258AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1332] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1332] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1332] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1332] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1332] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1332] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1332] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1332] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1332] RPCRT4.dll!RpcServerRegisterIfEx 7665929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1332] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1332] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1332] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1332] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1332] rpcss.dll!WhichService 748C3F84 8 Bytes JMP EDF01001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1372] ntdll.dll!NtAllocateVirtualMemory 776E3FA4 5 Bytes JMP 00534850 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1372] ntdll.dll!NtCreateFile 776E4244 5 Bytes JMP 0054ECA0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1456] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1456] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1456] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1456] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1456] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1456] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1456] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1456] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1456] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1456] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1456] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1456] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[1504] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00367F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[1504] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0035D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[1504] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0036B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[1504] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0035D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[1504] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00365070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[1504] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00365C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[1504] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00368D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[1504] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00369D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[1504] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00369E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[1504] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00368AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[1504] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 003644D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[1504] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00363BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1520] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1520] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1520] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1520] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1520] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1520] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1520] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1520] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1520] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1520] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1520] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1520] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1544] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1544] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1544] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1544] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1544] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1544] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1544] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1544] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1544] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1544] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1544] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1544] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1604] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1604] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1604] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1604] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1604] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1604] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1604] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1604] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1604] RPCRT4.dll!RpcServerRegisterIfEx 7665929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1604] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1604] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1604] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1604] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00087F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0007D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0008B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0007D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00085070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00085C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00088D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00089D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00089E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00088AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 000844D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1664] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00083BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\AUDIODG.EXE[1692] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\AUDIODG.EXE[1692] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\AUDIODG.EXE[1692] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\AUDIODG.EXE[1692] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\AUDIODG.EXE[1692] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\AUDIODG.EXE[1692] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\AUDIODG.EXE[1692] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\AUDIODG.EXE[1692] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\AUDIODG.EXE[1692] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\AUDIODG.EXE[1692] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\AUDIODG.EXE[1692] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\AUDIODG.EXE[1692] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1716] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1716] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1716] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1716] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1716] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1716] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1716] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1716] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1716] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1716] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1716] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1716] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1792] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1792] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1792] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1792] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1792] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1792] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1792] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1792] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1792] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1792] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1792] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1792] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Hpservice.exe[1876] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00087F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Hpservice.exe[1876] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0007D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Hpservice.exe[1876] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0008B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Hpservice.exe[1876] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0007D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Hpservice.exe[1876] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00085070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Hpservice.exe[1876] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00085C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Hpservice.exe[1876] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 000844D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Hpservice.exe[1876] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00083BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Hpservice.exe[1876] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00088D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Hpservice.exe[1876] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00089D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Hpservice.exe[1876] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00089E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Hpservice.exe[1876] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00088AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[2040] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00257F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[2040] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0024D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[2040] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0025B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[2040] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0024D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[2040] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00255070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[2040] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00255C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[2040] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00258D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[2040] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00259D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[2040] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00259E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[2040] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00258AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[2040] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 002544D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Ati2evxx.exe[2040] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00253BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2116] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00907F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2116] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 008FD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2116] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0090B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2116] ntdll.dll!NtClose 776E4184 5 Bytes JMP 008FD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2116] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00905070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2116] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00905C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2116] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00908D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2116] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00909D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2116] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00909E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2116] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00908AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2116] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 009044D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2116] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00903BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\accoca.exe[2164] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00CC7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\accoca.exe[2164] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 00CBD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\accoca.exe[2164] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 00CCB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\accoca.exe[2164] ntdll.dll!NtClose 776E4184 5 Bytes JMP 00CBD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\accoca.exe[2164] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00CC5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\accoca.exe[2164] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00CC5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\accoca.exe[2164] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 00CC44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\accoca.exe[2164] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00CC3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\accoca.exe[2164] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00CC8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\accoca.exe[2164] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00CC9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\accoca.exe[2164] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00CC9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\accoca.exe[2164] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00CC8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2292] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2292] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2292] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2292] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2292] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2292] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2292] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2292] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2292] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2292] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2292] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2292] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[2312] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00F47F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[2312] ntdll.dll!LdrUnloadDll 776BB680 3 Bytes JMP 00F3D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[2312] ntdll.dll!LdrUnloadDll + 4 776BB684 3 Bytes [89, CC, CC] {MOV ESP, ECX; INT 3 } .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[2312] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 00F4B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[2312] ntdll.dll!NtClose 776E4184 5 Bytes JMP 00F3D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[2312] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00F45070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[2312] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00F45C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[2312] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 00F444D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[2312] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00F43BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[2312] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00F48D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[2312] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00F49D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[2312] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00F49E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[2312] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00F48AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2388] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00257F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2388] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0024D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2388] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0025B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2388] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0024D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2388] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00255070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2388] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00255C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2388] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 002544D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2388] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00253BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2388] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00258D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2388] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00259D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2388] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00259E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2388] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00258AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[2516] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00157F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[2516] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0014D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[2516] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0015B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[2516] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0014D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[2516] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00155070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[2516] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00155C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[2516] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 001544D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[2516] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00153BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[2516] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00158D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[2516] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00159D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[2516] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00159E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[2516] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00158AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[2552] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00157F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[2552] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0014D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[2552] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0015B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[2552] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0014D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[2552] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00155070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[2552] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00155C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[2552] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 001544D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[2552] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00153BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[2552] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00158D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[2552] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00159D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[2552] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00159E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[2552] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00158AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2628] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 000C7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2628] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 000BD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2628] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 000CB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2628] ntdll.dll!NtClose 776E4184 5 Bytes JMP 000BD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2628] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 000C5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2628] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 000C5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2628] kernel32.dll!SetUnhandledExceptionFilter 75FFA8C5 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2628] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 000C8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2628] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 000C9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2628] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 000C9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2628] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 000C8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2628] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 000C44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2628] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 000C3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe[2660] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00377F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe[2660] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0036D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe[2660] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0037B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe[2660] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0036D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe[2660] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00375070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe[2660] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00375C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe[2660] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 003744D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe[2660] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00373BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe[2660] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00378D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe[2660] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00379D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe[2660] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00379E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe[2660] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00378AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[2684] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00207F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[2684] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 001FD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[2684] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0020B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[2684] ntdll.dll!NtClose 776E4184 5 Bytes JMP 001FD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[2684] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00205070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[2684] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00205C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[2684] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 002044D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[2684] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00203BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[2684] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00208D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[2684] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00209D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[2684] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00209E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskeng.exe[2684] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00208AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2788] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00347F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2788] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0033D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2788] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0034B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2788] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0033D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2788] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00345070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2788] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00345C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2788] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 003444D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2788] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00343BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2788] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00348D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2788] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00349D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2788] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00349E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2788] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00348AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2860] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2860] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2860] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2860] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2860] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2860] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2860] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2860] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2860] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2860] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2860] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2860] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2952] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00C57F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2952] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 00C4D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2952] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 00C5B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2952] ntdll.dll!NtClose 776E4184 5 Bytes JMP 00C4D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2952] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00C55070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2952] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00C55C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2952] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 00C544D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2952] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00C53BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2952] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00C58D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2952] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00C59D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2952] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00C59E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2952] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00C58AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2992] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2992] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2992] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2992] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2992] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2992] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2992] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2992] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2992] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2992] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2992] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2992] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\PDF Complete\pdfsvc.exe[3040] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00987F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\PDF Complete\pdfsvc.exe[3040] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0097D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\PDF Complete\pdfsvc.exe[3040] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0098B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\PDF Complete\pdfsvc.exe[3040] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0097D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\PDF Complete\pdfsvc.exe[3040] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00985070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\PDF Complete\pdfsvc.exe[3040] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00985C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\PDF Complete\pdfsvc.exe[3040] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00988D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\PDF Complete\pdfsvc.exe[3040] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00989D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\PDF Complete\pdfsvc.exe[3040] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00989E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\PDF Complete\pdfsvc.exe[3040] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00988AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\PDF Complete\pdfsvc.exe[3040] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 009844D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\PDF Complete\pdfsvc.exe[3040] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00983BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3068] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3068] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3068] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3068] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3068] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3068] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3068] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3068] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3068] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3068] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3068] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3068] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\PnkBstrA.exe[3084] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 008D7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\PnkBstrA.exe[3084] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 008CD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\PnkBstrA.exe[3084] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 008DB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\PnkBstrA.exe[3084] ntdll.dll!NtClose 776E4184 5 Bytes JMP 008CD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\PnkBstrA.exe[3084] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 008D5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\PnkBstrA.exe[3084] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 008D5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\PnkBstrA.exe[3084] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 008D8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\PnkBstrA.exe[3084] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 008D9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\PnkBstrA.exe[3084] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 008D9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\PnkBstrA.exe[3084] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 008D8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\PnkBstrA.exe[3084] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 008D44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\PnkBstrA.exe[3084] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 008D3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3108] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3108] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3108] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3108] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3108] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3108] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3108] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3108] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3108] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3108] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3108] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3108] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3124] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00857F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3124] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0084D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3124] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0085B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3124] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0084D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3124] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00855070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3124] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00855C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3124] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 008544D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3124] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00853BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3124] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00858D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3124] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00859D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3124] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00859E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3124] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00858AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3144] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 001D7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3144] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 001CD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3144] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 001DB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3144] ntdll.dll!NtClose 776E4184 5 Bytes JMP 001CD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3144] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 001D5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3144] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 001D5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3144] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 001D44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3144] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 001D3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3144] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 001D8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3144] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 001D9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3144] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 001D9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3144] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 001D8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3200] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3200] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3200] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3200] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3200] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3200] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3200] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3200] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3200] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3200] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3200] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3200] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3272] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 001C7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3272] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 001BD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3272] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 001CB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3272] ntdll.dll!NtClose 776E4184 5 Bytes JMP 001BD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3272] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 001C5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3272] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 001C5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3272] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 001C8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3272] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 001C9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3272] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 001C9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3272] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 001C8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3272] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 001C44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3272] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 001C3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[3300] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 008D7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[3300] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 008CD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[3300] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 008DB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[3300] ntdll.dll!NtClose 776E4184 5 Bytes JMP 008CD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[3300] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 008D5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[3300] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 008D5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[3300] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 008D8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[3300] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 008D9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[3300] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 008D9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[3300] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 008D8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[3300] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 008D44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[3300] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 008D3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[3372] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 003D7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[3372] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 003CD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[3372] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 003DB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[3372] ntdll.dll!NtClose 776E4184 5 Bytes JMP 003CD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[3372] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 003D5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[3372] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 003D5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[3372] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 003D44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[3372] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 003D3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[3372] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 003D8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[3372] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 003D9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[3372] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 003D9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[3372] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 003D8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3420] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3420] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3420] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3420] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3420] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3420] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3420] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3420] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3420] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3420] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3420] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[3420] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3460] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00357F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3460] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0034D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3460] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0035B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3460] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0034D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3460] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00355070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3460] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00355C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3460] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 003544D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3460] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00353BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3460] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00358D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3460] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00359D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3460] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00359E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3460] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00358AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3496] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00807F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3496] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 007FD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3496] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0080B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3496] ntdll.dll!NtClose 776E4184 5 Bytes JMP 007FD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3496] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00805070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3496] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00805C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3496] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00808D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3496] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00809D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3496] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00809E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3496] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00808AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3496] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 008044D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3496] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00803BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3828] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 018F7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3828] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 018ED240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3828] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 018FB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3828] ntdll.dll!NtClose 776E4184 5 Bytes JMP 018ED120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3828] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 018F5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3828] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 018F5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3828] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 018F8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3828] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 018F9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3828] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 018F9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3828] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 018F8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3828] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 018F44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3828] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 018F3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3860] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 007F7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3860] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 007ED240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3860] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 007FB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3860] ntdll.dll!NtClose 776E4184 5 Bytes JMP 007ED120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3860] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 007F5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3860] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 007F5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3860] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 007F44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3860] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 007F3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3860] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 007F8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3860] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 007F9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3860] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 007F9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\alg.exe[3860] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 007F8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 009E7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 009DD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 009EB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtClose 776E4184 5 Bytes JMP 009DD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtCreateFile + 6 776E424A 4 Bytes [28, B8, 11, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtCreateFile + B 776E424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + 6 776E499A 4 Bytes [28, BB, 11, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + B 776E499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenFile + 6 776E4A2A 4 Bytes [68, B8, 11, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenFile + B 776E4A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcess + 6 776E4AAA 4 Bytes [A8, B9, 11, 00] {TEST AL, 0xb9; ADC [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcess + B 776E4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessToken + B 776E4ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessTokenEx + 6 776E4ACA 4 Bytes [A8, BA, 11, 00] {TEST AL, 0xba; ADC [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessTokenEx + B 776E4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThread + 6 776E4B1A 4 Bytes [68, B9, 11, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThread + B 776E4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadToken + 6 776E4B2A 4 Bytes [68, BA, 11, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadToken + B 776E4B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadTokenEx + B 776E4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryAttributesFile + 6 776E4BCA 4 Bytes [A8, B8, 11, 00] {TEST AL, 0xb8; ADC [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryAttributesFile + B 776E4BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryFullAttributesFile + B 776E4C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationFile + 6 776E515A 4 Bytes [28, B9, 11, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationFile + B 776E515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationThread + 6 776E51AA 4 Bytes [28, BA, 11, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationThread + B 776E51AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + 6 776E544A 4 Bytes [68, BB, 11, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + B 776E544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 009E5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 009E5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 009E8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 009E9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 009E9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 009E8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 009E44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 009E3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4104] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4104] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4104] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4104] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4104] KERNEL32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4104] KERNEL32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4104] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4104] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4104] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4104] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4104] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4104] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[4136] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 003A7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[4136] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0039D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[4136] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 003AB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[4136] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0039D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[4136] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 003A5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[4136] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 003A5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[4136] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 003A8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[4136] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 003A9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[4136] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 003A9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[4136] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 003A8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[4136] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 003A44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[4136] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 003A3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[4144] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00257F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[4144] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0024D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[4144] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0025B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[4144] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0024D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[4144] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00255070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[4144] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00255C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[4144] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00258D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[4144] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00259D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[4144] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00259E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[4144] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00258AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[4144] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 002544D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[4144] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00253BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4152] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 003D7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4152] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 003CD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4152] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 003DB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4152] ntdll.dll!NtClose 776E4184 5 Bytes JMP 003CD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4152] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 003D5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4152] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 003D5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4152] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 003D8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4152] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 003D9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4152] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 003D9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4152] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 003D8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4152] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 003D44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[4152] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 003D3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4176] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00187F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4176] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0017D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4176] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0018B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4176] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0017D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4176] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00185070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4176] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00185C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4176] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 001844D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4176] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00183BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4176] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00188D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4176] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00189D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4176] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00189E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4176] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00188AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdSync.exe[4184] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 001A7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdSync.exe[4184] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0019D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdSync.exe[4184] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 001AB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdSync.exe[4184] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0019D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdSync.exe[4184] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 001A5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdSync.exe[4184] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 001A5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdSync.exe[4184] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 001A44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdSync.exe[4184] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 001A3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdSync.exe[4184] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 001A8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdSync.exe[4184] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 001A9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdSync.exe[4184] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 001A9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdSync.exe[4184] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 001A8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4196] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00207F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4196] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 001FD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4196] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0020B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4196] ntdll.dll!NtClose 776E4184 5 Bytes JMP 001FD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4196] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00205070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4196] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00205C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4196] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 002044D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4196] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00203BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4196] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00208D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4196] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00209D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4196] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00209E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[4196] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00208AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4228] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00287F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4228] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0027D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4228] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0028B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4228] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0027D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4228] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00285070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4228] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00285C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4228] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00288D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4228] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00289D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4228] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00289E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4228] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00288AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4228] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 002844D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[4228] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00283BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[4236] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 000C7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[4236] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 000BD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[4236] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 000CB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[4236] ntdll.dll!NtClose 776E4184 5 Bytes JMP 000BD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[4236] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 000C5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[4236] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 000C5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[4236] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 000C44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[4236] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 000C3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[4236] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 000C8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[4236] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 000C9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[4236] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 000C9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[4236] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 000C8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4284] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00707F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4284] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 006FD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4284] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0070B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4284] ntdll.dll!NtClose 776E4184 5 Bytes JMP 006FD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4284] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00705070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4284] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00705C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4284] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 007044D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4284] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00703BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4284] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00708D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4284] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00709D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4284] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00709E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4284] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00708AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4296] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00157F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4296] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0014D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4296] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0015B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4296] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0014D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4296] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00155070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4296] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00155C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4296] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 001544D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4296] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00153BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4296] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00158D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4296] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00159D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4296] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00159E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[4296] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00158AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gBTMouseTask.exe[4312] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00197F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gBTMouseTask.exe[4312] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0018D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gBTMouseTask.exe[4312] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0019B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gBTMouseTask.exe[4312] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0018D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gBTMouseTask.exe[4312] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00195070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gBTMouseTask.exe[4312] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00195C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gBTMouseTask.exe[4312] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00198D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gBTMouseTask.exe[4312] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00199D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gBTMouseTask.exe[4312] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00199E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gBTMouseTask.exe[4312] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00198AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gBTMouseTask.exe[4312] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 001944D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gBTMouseTask.exe[4312] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00193BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\PenMouse.exe[4328] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00187F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\PenMouse.exe[4328] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0017D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\PenMouse.exe[4328] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0018B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\PenMouse.exe[4328] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0017D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\PenMouse.exe[4328] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00185070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\PenMouse.exe[4328] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00185C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\PenMouse.exe[4328] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00188D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\PenMouse.exe[4328] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00189D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\PenMouse.exe[4328] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00189E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\PenMouse.exe[4328] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00188AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\PenMouse.exe[4328] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 001844D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\PenMouse.exe[4328] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00183BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Comodo\COMODO Internet Security\cfp.exe[4340] ntdll.dll!NtAllocateVirtualMemory 776E3FA4 5 Bytes JMP 00780630 C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4352] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00707F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4352] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 006FD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4352] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0070B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4352] ntdll.dll!NtClose 776E4184 5 Bytes JMP 006FD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4352] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00705070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4352] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00705C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4352] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00708D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4352] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00709D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4352] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00709E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4352] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00708AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4352] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 007044D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4352] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00703BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\unsecapp.exe[4428] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 003A7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\unsecapp.exe[4428] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0039D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\unsecapp.exe[4428] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 003AB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\unsecapp.exe[4428] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0039D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\unsecapp.exe[4428] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 003A5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\unsecapp.exe[4428] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 003A5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\unsecapp.exe[4428] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 003A44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\unsecapp.exe[4428] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 003A3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\unsecapp.exe[4428] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 003A8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\unsecapp.exe[4428] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 003A9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\unsecapp.exe[4428] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 003A9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\unsecapp.exe[4428] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 003A8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4436] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00367F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4436] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0035D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4436] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0036B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4436] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0035D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4436] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00365070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4436] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00365C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4436] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 003644D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4436] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00363BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4436] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00368D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4436] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00369D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4436] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00369E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4436] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00368AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[4464] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00157F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[4464] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0014D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[4464] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0015B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[4464] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0014D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[4464] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00155070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[4464] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00155C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[4464] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 001544D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[4464] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00153BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[4464] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00158D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[4464] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00159D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[4464] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00159E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[4464] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00158AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4576] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 000B7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4576] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 000AD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4576] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 000BB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4576] ntdll.dll!NtClose 776E4184 5 Bytes JMP 000AD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4576] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 000B5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4576] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 000B5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4576] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 000B44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4576] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 000B3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4576] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 000B8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4576] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 000B9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4576] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 000B9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4576] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 000B8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[4608] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 001D7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[4608] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 001CD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[4608] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 001DB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[4608] ntdll.dll!NtClose 776E4184 5 Bytes JMP 001CD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[4608] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 001D5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[4608] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 001D5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[4608] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 001D44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[4608] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 001D3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[4608] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 001D8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[4608] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 001D9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[4608] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 001D9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[4608] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 001D8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4756] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00187F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4756] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0017D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4756] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0018B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4756] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0017D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4756] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00185070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4756] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00185C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4756] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 001844D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4756] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00183BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4756] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00188D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4756] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00189D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4756] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00189E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4756] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00188AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4788] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00377F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4788] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0036D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4788] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0037B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4788] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0036D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4788] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00375070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4788] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00375C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4788] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00378D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4788] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00379D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4788] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00379E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4788] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00378AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4788] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 003744D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4788] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00373BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[4820] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[4820] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[4820] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[4820] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[4820] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[4820] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[4820] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[4820] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[4820] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[4820] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[4820] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[4820] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4828] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 01A27F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4828] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 01A1D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4828] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 01A2B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4828] ntdll.dll!NtClose 776E4184 5 Bytes JMP 01A1D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4828] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 01A25070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4828] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 01A25C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4828] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 01A244D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4828] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 01A23BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4828] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 01A28D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4828] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 01A29D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4828] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 01A29E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4828] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 01A28AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe[4836] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 001B7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe[4836] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 001AD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe[4836] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 001BB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe[4836] ntdll.dll!NtClose 776E4184 5 Bytes JMP 001AD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe[4836] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 001B5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe[4836] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 001B5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe[4836] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 001B44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe[4836] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 001B3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe[4836] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 001B8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe[4836] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 001B9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe[4836] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 001B9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe[4836] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 001B8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4844] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 007E7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4844] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 007DD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4844] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 007EB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4844] ntdll.dll!NtClose 776E4184 5 Bytes JMP 007DD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4844] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 007E5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4844] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 007E5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4844] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 007E44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4844] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 007E3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4844] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 007E8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4844] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 007E9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4844] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 007E9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4844] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 007E8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK32.EXE[4852] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00917F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK32.EXE[4852] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0090D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK32.EXE[4852] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0091B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK32.EXE[4852] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0090D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK32.EXE[4852] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00915070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK32.EXE[4852] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00915C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK32.EXE[4852] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 009144D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK32.EXE[4852] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00913BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK32.EXE[4852] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00918D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK32.EXE[4852] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00919D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK32.EXE[4852] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00919E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK32.EXE[4852] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00918AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Downloads\OTL.exe[4936] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Downloads\OTL.exe[4936] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Downloads\OTL.exe[4936] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Downloads\OTL.exe[4936] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Downloads\OTL.exe[4936] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Downloads\OTL.exe[4936] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Downloads\OTL.exe[4936] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Downloads\OTL.exe[4936] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Downloads\OTL.exe[4936] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Downloads\OTL.exe[4936] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Downloads\OTL.exe[4936] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Downloads\OTL.exe[4936] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4940] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4940] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4940] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4940] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4940] KERNEL32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4940] KERNEL32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4940] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4940] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4940] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4940] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4940] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4940] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[4992] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 002E7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[4992] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 002DD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[4992] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 002EB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[4992] ntdll.dll!NtClose 776E4184 5 Bytes JMP 002DD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[4992] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 002E5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[4992] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 002E5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[4992] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 002E44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[4992] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 002E3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[4992] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 002E8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[4992] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 002E9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[4992] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 002E9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[4992] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 002E8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5032] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5032] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5032] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5032] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5032] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5032] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5032] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5032] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5032] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5032] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5032] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5032] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5136] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5136] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5136] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5136] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5136] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5136] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5136] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5136] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5136] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5136] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5136] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[5136] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gIoCentre4DFunMgm.exe[5360] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00257F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gIoCentre4DFunMgm.exe[5360] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0024D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gIoCentre4DFunMgm.exe[5360] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0025B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gIoCentre4DFunMgm.exe[5360] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0024D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gIoCentre4DFunMgm.exe[5360] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00255070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gIoCentre4DFunMgm.exe[5360] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00255C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gIoCentre4DFunMgm.exe[5360] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00258D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gIoCentre4DFunMgm.exe[5360] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00259D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gIoCentre4DFunMgm.exe[5360] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00259E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gIoCentre4DFunMgm.exe[5360] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00258AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gIoCentre4DFunMgm.exe[5360] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 002544D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Genius\PenMouse\gIoCentre4DFunMgm.exe[5360] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00253BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5472] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 003A7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5472] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0039D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5472] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 003AB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5472] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0039D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5472] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 003A5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5472] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 003A5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5472] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 003A8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5472] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 003A9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5472] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 003A9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5472] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 003A8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5472] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 003A44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5472] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 003A3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5500] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00CA7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5500] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 00C9D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5500] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 00CAB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5500] ntdll.dll!NtClose 776E4184 5 Bytes JMP 00C9D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5500] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00CA5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5500] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00CA5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5500] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00CA8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5500] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00CA9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5500] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00CA9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5500] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00CA8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5500] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 00CA44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5500] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00CA3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5552] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 008F7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5552] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 008ED240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5552] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 008FB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5552] ntdll.dll!NtClose 776E4184 5 Bytes JMP 008ED120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5552] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 008F5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5552] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 008F5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5552] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 008F44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5552] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 008F3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5552] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 008F8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5552] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 008F9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5552] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 008F9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5552] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 008F8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[5684] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00C17F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[5684] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 00C0D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[5684] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 00C1B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[5684] ntdll.dll!NtClose 776E4184 5 Bytes JMP 00C0D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[5684] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00C15070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[5684] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00C15C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[5684] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 00C144D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[5684] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00C13BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[5684] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00C18D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[5684] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00C19D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[5684] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00C19E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[5684] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00C18AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6752] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 018C7F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6752] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 018BD240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6752] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 018CB670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6752] ntdll.dll!NtClose 776E4184 5 Bytes JMP 018BD120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6752] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 018C5070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6752] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 018C5C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6752] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 018C44D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6752] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 018C3BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6752] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 018C8D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6752] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 018C9D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6752] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 018C9E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6752] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 018C8AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[7296] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00087F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[7296] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0007D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[7296] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0008B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[7296] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0007D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[7296] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00085070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[7296] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00085C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[7296] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 000844D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[7296] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00083BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[7296] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00088D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[7296] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00089D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[7296] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00089E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[7296] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00088AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Documents\combo[7556] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Documents\combo[7556] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Documents\combo[7556] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Documents\combo[7556] ntdll.dll!NtClose 776E4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Documents\combo[7556] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Documents\combo[7556] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Documents\combo[7556] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Documents\combo[7556] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Documents\combo[7556] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Documents\combo[7556] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Documents\combo[7556] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\Documents\combo[7556] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 00C17F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 00C0D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 00C1B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtClose 776E4184 5 Bytes JMP 00C0D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtCreateFile + 6 776E424A 4 Bytes [28, A8, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtCreateFile + B 776E424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtMapViewOfSection + 6 776E499A 4 Bytes [28, AB, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtMapViewOfSection + B 776E499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtOpenFile + 6 776E4A2A 4 Bytes [68, A8, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtOpenFile + B 776E4A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtOpenProcess + 6 776E4AAA 4 Bytes [A8, A9, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtOpenProcess + B 776E4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtOpenProcessToken + B 776E4ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtOpenProcessTokenEx + 6 776E4ACA 4 Bytes [A8, AA, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtOpenProcessTokenEx + B 776E4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtOpenThread + 6 776E4B1A 4 Bytes [68, A9, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtOpenThread + B 776E4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtOpenThreadToken + 6 776E4B2A 4 Bytes [68, AA, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtOpenThreadToken + B 776E4B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtOpenThreadTokenEx + B 776E4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtQueryAttributesFile + 6 776E4BCA 4 Bytes [A8, A8, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtQueryAttributesFile + B 776E4BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtQueryFullAttributesFile + B 776E4C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtSetInformationFile + 6 776E515A 4 Bytes [28, A9, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtSetInformationFile + B 776E515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtSetInformationThread + 6 776E51AA 4 Bytes [28, AA, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtSetInformationThread + B 776E51AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtUnmapViewOfSection + 6 776E544A 4 Bytes [68, AB, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ntdll.dll!NtUnmapViewOfSection + B 776E544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00C15070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00C15C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00C18D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00C19D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00C19E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00C18AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 00C144D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Google\Chrome\Application\chrome.exe[7584] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00C13BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\gghub.exe[7904] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 02077F40 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\gghub.exe[7904] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0206D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\gghub.exe[7904] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0207B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\gghub.exe[7904] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0206D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\gghub.exe[7904] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 02075070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\gghub.exe[7904] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 02075C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\gghub.exe[7904] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 02078D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\gghub.exe[7904] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 02079D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\gghub.exe[7904] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 02079E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\gghub.exe[7904] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 02078AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\gghub.exe[7904] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 020744D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\gghub.exe[7904] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 02073BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] ntdll.dll!LdrLoadDll 776A9378 5 Bytes JMP 5CA0C464 C:\Users\KRZYSIO\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] ntdll.dll!LdrUnloadDll 776BB680 7 Bytes JMP 0088D240 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] ntdll.dll!NtAlpcSendWaitReceivePort 776E40E4 5 Bytes JMP 0089B670 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] ntdll.dll!NtClose 776E4184 5 Bytes JMP 0088D120 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] kernel32.dll!CreateProcessW 75FD1BF3 5 Bytes JMP 00895070 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] kernel32.dll!CreateProcessA 75FD1C28 5 Bytes JMP 00895C00 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] kernel32.dll!MapViewOfFile 76016B10 5 Bytes JMP 5D1FE97C C:\Users\KRZYSIO\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] kernel32.dll!VirtualAlloc 7601AF75 5 Bytes JMP 5D1FE936 C:\Users\KRZYSIO\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] USER32.dll!SetWindowLongA 7629E7CD 5 Bytes JMP 5D084C17 C:\Users\KRZYSIO\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] USER32.dll!SetWindowLongW 762A13B4 5 Bytes JMP 5D084C77 C:\Users\KRZYSIO\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] GDI32.dll!DeleteDC 761968CD 5 Bytes JMP 00898D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] GDI32.dll!CreateDIBSection 76197461 5 Bytes JMP 5D1FE9A3 C:\Users\KRZYSIO\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] GDI32.dll!CreateDCW 7619A91D 5 Bytes JMP 00899D10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] GDI32.dll!CreateDCA 7619AA49 5 Bytes JMP 00899E10 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] GDI32.dll!GetPixel 7619BE90 5 Bytes JMP 00898AE0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] ADVAPI32.dll!CreateProcessAsUserA 775BCEB9 5 Bytes JMP 008944D0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\KRZYSIO\AppData\Local\GG\Application\ggapp.exe[7980] ADVAPI32.dll!CreateProcessAsUserW 775D1EE9 5 Bytes JMP 00893BA0 C:\Windows\System32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82E8AF0E] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [82E8B22E] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82E8A71C] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82E8B0EC] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82E8A852] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82E8A910] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82E9ECE8] \SystemRoot\System32\Drivers\sptd.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Google\Chrome\Application\chrome.exe[336] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00AB0010 IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73EA7817] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73EEB4E9] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73EABB22] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73E9F695] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73EA75E9] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73E9E7CA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73ED73F5] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73EADA60] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73E9FFFA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E9FF61] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73E971CF] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73F2CAE2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73ECC8D8] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73E9D968] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [73E96853] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73E9687E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2552] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73EA2AD1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4076] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00120010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[7584] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 009E0010 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 85D961E8 Device \FileSystem\fastfat \FatCdrom 8ADDA1E8 Device \Driver\netbt \Device\NetBT_Tcpip_{DFA73058-12F7-4958-A05B-96923AA6B7FC} 8AD0C1E8 Device \FileSystem\fastfat \Fat 8ADDA1E8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedzer filtrów systemu plików firmy Microsoft/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs 884931E8 ---- Processes - GMER 1.0.15 ---- Library C:\Users\KRZYSIO\Documents\combo (*** hidden *** ) @ C:\Users\KRZYSIO\Documents\combo [7556] 0x00400000 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247eaaad96 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247eaaad96@001fe38aad5f 0x2E 0x0E 0x41 0xD8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247eaaad96@0024039ddc3d 0xA5 0x21 0x73 0xFB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247eaaad96@0024039ddb16 0x52 0xEB 0xFC 0xA6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247eaaad96@e4ec10a69c35 0xDD 0x61 0x12 0xEC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAE 0x60 0x2E 0xE4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0x47 0xB9 0xA3 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247eaaad96 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247eaaad96@001fe38aad5f 0x2E 0x0E 0x41 0xD8 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247eaaad96@0024039ddc3d 0xA5 0x21 0x73 0xFB ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247eaaad96@0024039ddb16 0x52 0xEB 0xFC 0xA6 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247eaaad96@e4ec10a69c35 0xDD 0x61 0x12 0xEC ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAE 0x60 0x2E 0xE4 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0x47 0xB9 0xA3 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{53919742-E0F5-ACAB-0406-86E1D3E33E2C} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{53919742-E0F5-ACAB-0406-86E1D3E33E2C}@hahknhijbllnmlal 0x6B 0x61 0x6A 0x6B ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{53919742-E0F5-ACAB-0406-86E1D3E33E2C}@ianjdgfbgopebhcnlk 0x6B 0x61 0x6A 0x6B ... ---- EOF - GMER 1.0.15 ----