GMER 2.1.18952 - http://www.gmer.net Rootkit scan 2013-02-17 15:32:21 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9250827AS rev.3.AAA 232,89GB Running: tn4t5lz8.exe; Driver: C:\Users\oem\AppData\Local\Temp\kwtoapoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8C93DFB0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8C93E19C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8C93D310] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8C93DC16] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8C93D9CA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8C93ED14] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8C93CCFC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8C93E746] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8C93D5D8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8C93DDF2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8C93D872] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8C93EA32] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8C93D542] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8C93D75E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8C93D112] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8C93CF00] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8C93E3CA] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 119 822BA7DC 4 Bytes [B0, DF, 93, 8C] .text ntkrnlpa.exe!KeSetEvent + 13D 822BA800 4 Bytes [9C, E1, 93, 8C] .text ntkrnlpa.exe!KeSetEvent + 1C1 822BA884 4 Bytes [10, D3, 93, 8C] .text ntkrnlpa.exe!KeSetEvent + 1D9 822BA89C 4 Bytes [16, DC, 93, 8C] .text ntkrnlpa.exe!KeSetEvent + 215 822BA8D8 4 Bytes [CA, D9, 93, 8C] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8BE09000, 0x1E6984, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[532] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 75CB1BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[532] ntdll.dll!NtReplyWaitReceivePort 77724F74 5 Bytes JMP 75CB1450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[532] ntdll.dll!NtReplyWaitReceivePortEx 77724F84 5 Bytes JMP 75CB17F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!RegisterRawInputDevices 77296161 5 Bytes JMP 10018F00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SetWindowsHookExA 77296322 5 Bytes JMP 1001CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SystemParametersInfoA 772982E1 7 Bytes JMP 1001C690 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!GetAsyncKeyState 7729863C 5 Bytes JMP 10019120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SetWindowsHookExW 772987AD 5 Bytes JMP 1001C8B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SendNotifyMessageW 772993D6 5 Bytes JMP 1001A160 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!MoveWindow 7729989F 5 Bytes JMP 10018C20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SetWinEventHook 77299F3A 5 Bytes JMP 1001C160 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SetParent 7729A2AA 5 Bytes JMP 10018980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!PostThreadMessageA 7729BD34 5 Bytes JMP 1001B980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!GetKeyboardState 7729BD7D 5 Bytes JMP 10019680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!RegisterHotKey 7729BDA5 5 Bytes JMP 10018140 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!EnableWindow 7729CD8B 5 Bytes JMP 10017EA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!PostMessageA 7729F8F8 5 Bytes JMP 1001BEC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SendMessageA 7729F956 5 Bytes JMP 1001B440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SendMessageTimeoutW 772A352D 5 Bytes JMP 1001AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SendMessageCallbackW 772A4570 5 Bytes JMP 1001A6A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!PostThreadMessageW 772A7C8E 5 Bytes JMP 1001B6E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!GetKeyState 772A8CB1 5 Bytes JMP 100193D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!PostMessageW 772AA175 5 Bytes JMP 1001BC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SendMessageW 772B0AED 5 Bytes JMP 1001B1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SystemParametersInfoW 772B11D8 7 Bytes JMP 1001C470 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SendDlgItemMessageA 772B275B 5 Bytes JMP 10019EB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SetClipboardViewer 772BBA2D 5 Bytes JMP 10018780 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SendNotifyMessageA 772BDFCF 5 Bytes JMP 1001A400 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!BlockInput 772BFF0A 5 Bytes JMP 10018580 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SendMessageTimeoutA 772C0006 5 Bytes JMP 1001AEE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!mouse_event 772C044E 5 Bytes JMP 100297C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SendDlgItemMessageW 772C0E38 5 Bytes JMP 10019C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SendInput 772C2F75 5 Bytes JMP 10019930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!GetClipboardData 772D715A 5 Bytes JMP 10018370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!ExitWindowsEx 772DB7C3 5 Bytes JMP 10017C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!keybd_event 772ED972 5 Bytes JMP 100299D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] USER32.dll!SendMessageCallbackA 772F2CA7 5 Bytes JMP 1001A960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] GDI32.dll!BitBlt 774770A6 5 Bytes JMP 10029530 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] GDI32.dll!StretchBlt 774793D6 5 Bytes JMP 10028D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] GDI32.dll!MaskBlt 7747C5CB 5 Bytes JMP 10029280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[596] GDI32.dll!PlgBlt 7748EB50 5 Bytes JMP 10028FF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[604] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 75CB1BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[604] ntdll.dll!NtReplyWaitReceivePort 77724F74 5 Bytes JMP 75CB1450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[604] ntdll.dll!NtReplyWaitReceivePortEx 77724F84 5 Bytes JMP 75CB17F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[644] services.exe 00F91628 4 Bytes [20, E2, 01, 10] {AND DL, AH; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[644] services.exe 00F91638 4 Bytes [00, DD, 01, 10] {ADD CH, BL; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[644] services.exe 00F91658 4 Bytes [40, E5, 01, 10] .text C:\Windows\system32\services.exe[644] services.exe 00F91668 4 Bytes [80, DF, 01, 10] .text C:\Windows\system32\services.exe[644] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[644] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[644] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[644] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[644] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[644] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[644] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[644] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[644] RPCRT4.dll!RpcServerRegisterIfEx 7617929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[644] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[644] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[644] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[644] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[660] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[660] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[660] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[660] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[660] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[660] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[660] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[660] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[660] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[660] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[660] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[660] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[716] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[716] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[716] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[716] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[716] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[716] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[756] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[756] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[756] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[756] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[756] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[756] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[756] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[756] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[756] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[756] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[756] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[756] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] RPCRT4.dll!RpcServerRegisterIfEx 7617929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] RPCRT4.dll!RpcServerRegisterIfEx 7617929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] rpcss.dll!WhichService 74EB3F84 8 Bytes JMP EDF01001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[964] ntdll.dll!NtAllocateVirtualMemory 77723FA4 5 Bytes JMP 00534850 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[964] ntdll.dll!NtCreateFile 77724244 5 Bytes JMP 0054ECA0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1044] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1044] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1044] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1044] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1056] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1056] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1056] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1056] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1056] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1080] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1080] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1080] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1080] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1080] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1080] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1080] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1080] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1080] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1080] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1080] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1080] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1164] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1164] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1164] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1164] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1164] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1164] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1164] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1164] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1164] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1164] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1164] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1164] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1176] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1176] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1176] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1176] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1176] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1176] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1176] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1176] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1176] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1176] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1176] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1176] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1188] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1188] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1188] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1188] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1188] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1188] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1188] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1220] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1220] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1220] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1220] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1220] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1220] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1220] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1232] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1232] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1232] RPCRT4.dll!RpcServerRegisterIfEx 7617929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1232] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1232] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1232] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1232] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1308] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1308] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1308] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1308] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1308] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1308] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1308] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1308] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1308] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1308] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1308] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1308] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1448] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1448] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1448] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1448] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1448] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1448] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1448] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1448] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1448] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1448] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1448] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1448] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1480] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1480] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1480] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1480] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1480] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1480] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1480] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1480] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1480] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1480] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[1604] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[1604] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[1604] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[1604] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[1604] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[1604] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[1604] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[1604] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[1604] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[1604] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[1604] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[1604] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1748] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1748] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1748] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1748] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1748] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1748] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1748] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1748] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1748] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1748] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1748] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1748] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1800] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1800] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1800] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1800] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1800] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1800] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1800] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1800] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1800] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1800] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1800] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1800] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1812] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1812] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1812] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1812] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1812] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1812] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1812] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1812] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1812] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1812] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1812] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1812] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1828] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1828] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1828] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1828] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1828] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1828] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1828] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1828] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1828] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1828] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1828] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1828] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1920] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1920] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1920] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1920] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1920] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1920] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1920] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1920] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1920] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1920] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1920] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1920] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1944] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1944] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1944] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1944] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1944] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1944] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1944] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1944] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1944] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1944] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1944] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1944] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1960] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1960] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1960] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1960] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1960] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1960] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1960] RPCRT4.dll!RpcServerRegisterIfEx 7617929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1960] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1960] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1960] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1960] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1968] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1968] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1968] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1968] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1968] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1968] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1968] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1968] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1968] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1968] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1968] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1968] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2088] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2088] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2088] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2088] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2088] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2088] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2088] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2088] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2088] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2088] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2088] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2088] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2100] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2100] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2100] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2100] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2100] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2100] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2100] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2100] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2100] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2100] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2100] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2100] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2104] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 00327F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2104] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 0031D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2104] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 0032B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2104] ntdll.dll!NtClose 77724184 5 Bytes JMP 0031D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2104] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 00325070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2104] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 00325C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2104] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 003244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2104] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 00323BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2104] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 00328D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2104] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 00329D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2104] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 00329E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2104] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 00328AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2112] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2112] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2112] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2112] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2112] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2112] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2112] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2112] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2112] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2112] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2112] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2112] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2120] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2120] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2120] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2120] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2120] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2120] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2120] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2120] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2120] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2120] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2120] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2120] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2128] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2128] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2128] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2128] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2128] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2128] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2128] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2128] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2128] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2128] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2128] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2128] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2136] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 00387F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2136] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 0037D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2136] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 0038B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2136] ntdll.dll!NtClose 77724184 5 Bytes JMP 0037D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2136] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 00385070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2136] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 00385C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2136] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 00388D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2136] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 00389D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2136] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 00389E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2136] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 00388AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2136] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 003844D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2136] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 00383BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[2264] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[2264] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[2264] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[2264] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[2264] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[2264] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[2264] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[2264] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[2264] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[2264] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[2264] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[2264] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2276] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2276] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2276] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2276] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2276] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2276] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2276] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2276] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2276] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2276] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2276] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2276] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2292] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2292] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2292] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2292] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2292] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2292] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2292] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2292] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2292] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2292] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2292] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2292] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2300] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2300] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2300] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2300] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2300] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2300] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2300] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2300] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2300] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2300] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2300] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2300] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2320] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2320] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2320] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2320] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2320] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2320] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2320] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2320] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2320] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2320] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2320] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2320] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2400] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2400] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2400] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2400] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2400] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2400] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2400] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2400] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2400] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2400] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2400] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2400] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2484] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2484] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2484] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2484] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2484] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2484] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2484] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2484] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2484] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2484] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2544] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2544] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2544] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2544] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2544] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2544] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2544] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2544] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2544] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2544] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2544] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2544] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2552] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2552] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2552] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2552] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2552] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2552] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2552] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2552] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2552] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2552] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2552] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2552] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2756] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2756] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2756] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2756] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2756] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2756] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2756] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2756] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2756] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2756] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2756] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2756] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2784] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2784] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2784] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2784] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2784] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2784] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2784] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2784] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2784] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2784] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2784] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2784] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2832] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2832] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2832] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2832] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2832] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2832] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2832] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2832] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2832] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2832] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2832] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2832] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2896] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2896] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2896] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2896] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2896] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2896] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2896] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2896] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2896] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2896] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2896] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2896] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2952] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2952] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2952] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2952] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3040] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3040] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3040] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3040] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3040] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3040] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3040] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3040] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3040] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3040] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3040] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3040] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3096] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3096] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3096] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3096] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3096] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3096] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3096] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3096] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3096] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3096] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3096] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3096] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3116] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3116] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3116] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3116] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3116] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3116] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3116] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3116] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3116] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3116] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3116] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3116] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3276] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3276] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3276] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3276] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3276] KERNEL32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3276] KERNEL32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3276] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3276] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3276] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3276] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3276] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3276] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3436] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3436] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3436] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3436] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3436] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3436] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3436] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3436] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3436] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3436] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3436] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3436] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3488] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3488] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3488] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3488] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3488] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3488] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3488] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3488] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3488] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3488] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3488] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3488] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3504] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3504] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3504] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3504] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3504] KERNEL32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3504] KERNEL32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3504] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3504] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3504] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3504] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3504] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3504] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3976] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[3992] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 00357F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[3992] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 0034D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[3992] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 0035B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[3992] ntdll.dll!NtClose 77724184 5 Bytes JMP 0034D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[3992] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 00355070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[3992] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 00355C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[3992] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 00358D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[3992] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 00359D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[3992] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 00359E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[3992] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 00358AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[3992] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 003544D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[3992] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 00353BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[4000] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[4000] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[4000] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[4000] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[4000] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[4000] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[4000] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[4000] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[4000] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[4000] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[4000] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[4000] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[4020] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[4020] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[4020] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[4020] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[4020] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[4020] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[4020] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[4020] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[4020] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[4020] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[4020] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[4020] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4028] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4028] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4028] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4028] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4028] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4028] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4028] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4028] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4028] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4028] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4028] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4028] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[4068] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[4068] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[4068] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[4068] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[4068] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[4068] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[4068] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[4068] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[4068] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[4068] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[4068] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[4068] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4084] ntdll.dll!NtAllocateVirtualMemory 77723FA4 5 Bytes JMP 00780630 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Windows\System32\notepad.exe[4700] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\notepad.exe[4700] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\notepad.exe[4700] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\notepad.exe[4700] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\notepad.exe[4700] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\notepad.exe[4700] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\notepad.exe[4700] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\notepad.exe[4700] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\notepad.exe[4700] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\notepad.exe[4700] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\notepad.exe[4700] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\notepad.exe[4700] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[5060] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[5060] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[5060] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[5060] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[5060] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[5060] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[5060] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[5060] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[5060] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[5060] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[5060] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[5060] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 64230C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] kernel32.dll!HeapSetInformation + 26 7600A8C0 7 Bytes JMP 64233FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] kernel32.dll!LockResource + C 76026B0B 7 Bytes JMP 64467B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] kernel32.dll!VirtualAllocEx + 54 7602AF70 7 Bytes JMP 64467B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] GDI32.dll!SetStretchBltMode + 256 7747745C 7 Bytes JMP 64467AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5668] ntdll.dll!LdrLoadDll 776E9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5668] ntdll.dll!LdrUnloadDll 776FB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5668] ntdll.dll!NtAlpcSendWaitReceivePort 777240E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5668] ntdll.dll!NtClose 77724184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5668] kernel32.dll!CreateProcessW 75FE1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5668] kernel32.dll!CreateProcessA 75FE1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5668] GDI32.dll!DeleteDC 774768CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5668] GDI32.dll!CreateDCW 7747A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5668] GDI32.dll!CreateDCA 7747AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5668] GDI32.dll!GetPixel 7747BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5668] ADVAPI32.dll!CreateProcessAsUserA 7757CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5668] ADVAPI32.dll!CreateProcessAsUserW 77591EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74427817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7446B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7442BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7441F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7441E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [744573F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7442DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7441FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7441FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [744ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7444C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7441D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74416853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7441687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74422AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fc6e02e4a Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fc6e02e4a@303855d27143 0x33 0x63 0x78 0x92 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fc6e02e4a@30385543d271 0xF0 0x55 0x87 0xE9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fc6e02e4a@a0f419d35aa6 0x7E 0x2A 0x12 0xC2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 (null) Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCD 0x36 0x3F 0xDE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x03 0xE4 0x39 0xF4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x68 0xCA 0x24 0x95 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fc6e02e4a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fc6e02e4a@303855d27143 0x33 0x63 0x78 0x92 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fc6e02e4a@30385543d271 0xF0 0x55 0x87 0xE9 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fc6e02e4a@a0f419d35aa6 0x7E 0x2A 0x12 0xC2 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 (null) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCD 0x36 0x3F 0xDE ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x03 0xE4 0x39 0xF4 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x68 0xCA 0x24 0x95 ... ---- Files - GMER 2.1 ---- File C:\ADSM_PData_0150 0 bytes File C:\ADSM_PData_0150\DB 0 bytes File C:\ADSM_PData_0150\DB\SI.db 624 bytes File C:\ADSM_PData_0150\DB\UL.db 16 bytes File C:\ADSM_PData_0150\DB\VL.db 16 bytes File C:\ADSM_PData_0150\DB\_avt 512 bytes File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable File C:\ADSM_PData_0150\_avt 512 bytes File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\401BD433-AD81-450E-A3DD-155EE6E29F30.data 35296 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\401BD433-AD81-450E-A3DD-155EE6E29F30.data.info 148 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes ---- EOF - GMER 2.1 ----