GMER 2.1.18952 - http://www.gmer.net Rootkit scan 2013-02-17 20:05:34 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9250827AS rev.3.AAA 232,89GB Running: tn4t5lz8.exe; Driver: C:\Users\oem\AppData\Local\Temp\kwtoapoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8CF3CFB0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8CF3D19C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8CF3C310] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8CF3CC16] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8CF3C9CA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8CF3DD14] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8CF3BCFC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8CF3D746] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8CF3C5D8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8CF3CDF2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8CF3C872] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8CF3DA32] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8CF3C542] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8CF3C75E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8CF3C112] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8CF3BF00] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8CF3D3CA] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 119 822C77DC 4 Bytes [B0, CF, F3, 8C] .text ntkrnlpa.exe!KeSetEvent + 13D 822C7800 4 Bytes [9C, D1, F3, 8C] .text ntkrnlpa.exe!KeSetEvent + 1C1 822C7884 4 Bytes [10, C3, F3, 8C] .text ntkrnlpa.exe!KeSetEvent + 1D9 822C789C 4 Bytes [16, CC, F3, 8C] .text ntkrnlpa.exe!KeSetEvent + 215 822C78D8 4 Bytes [CA, C9, F3, 8C] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8C20C000, 0x1E6984, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Windows\Explorer.EXE[300] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[300] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[300] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[300] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[300] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[300] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[300] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[300] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[300] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[300] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[300] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[300] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!RegisterRawInputDevices 77E46161 5 Bytes JMP 10018F00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SetWindowsHookExA 77E46322 5 Bytes JMP 1001CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SystemParametersInfoA 77E482E1 7 Bytes JMP 1001C690 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!GetAsyncKeyState 77E4863C 5 Bytes JMP 10019120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SetWindowsHookExW 77E487AD 5 Bytes JMP 1001C8B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SendNotifyMessageW 77E493D6 5 Bytes JMP 1001A160 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!MoveWindow 77E4989F 5 Bytes JMP 10018C20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SetWinEventHook 77E49F3A 5 Bytes JMP 1001C160 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SetParent 77E4A2AA 5 Bytes JMP 10018980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!PostThreadMessageA 77E4BD34 5 Bytes JMP 1001B980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!GetKeyboardState 77E4BD7D 5 Bytes JMP 10019680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!RegisterHotKey 77E4BDA5 5 Bytes JMP 10018140 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!EnableWindow 77E4CD8B 5 Bytes JMP 10017EA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!PostMessageA 77E4F8F8 5 Bytes JMP 1001BEC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SendMessageA 77E4F956 5 Bytes JMP 1001B440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SendMessageTimeoutW 77E5352D 5 Bytes JMP 1001AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SendMessageCallbackW 77E54570 5 Bytes JMP 1001A6A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!PostThreadMessageW 77E57C8E 5 Bytes JMP 1001B6E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!GetKeyState 77E58CB1 5 Bytes JMP 100193D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!PostMessageW 77E5A175 5 Bytes JMP 1001BC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SendMessageW 77E60AED 5 Bytes JMP 1001B1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SystemParametersInfoW 77E611D8 7 Bytes JMP 1001C470 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SendDlgItemMessageA 77E6275B 5 Bytes JMP 10019EB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SetClipboardViewer 77E6BA2D 5 Bytes JMP 10018780 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SendNotifyMessageA 77E6DFCF 5 Bytes JMP 1001A400 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!BlockInput 77E6FF0A 5 Bytes JMP 10018580 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SendMessageTimeoutA 77E70006 5 Bytes JMP 1001AEE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!mouse_event 77E7044E 5 Bytes JMP 100297C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SendDlgItemMessageW 77E70E38 5 Bytes JMP 10019C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SendInput 77E72F75 5 Bytes JMP 10019930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!GetClipboardData 77E8715A 5 Bytes JMP 10018370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!ExitWindowsEx 77E8B7C3 5 Bytes JMP 10017C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!keybd_event 77E9D972 5 Bytes JMP 100299D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] USER32.dll!SendMessageCallbackA 77EA2CA7 5 Bytes JMP 1001A960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] GDI32.dll!BitBlt 771070A6 5 Bytes JMP 10029530 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] GDI32.dll!StretchBlt 771093D6 5 Bytes JMP 10028D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] GDI32.dll!MaskBlt 7710C5CB 5 Bytes JMP 10029280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\wininit.exe[600] GDI32.dll!PlgBlt 7711EB50 5 Bytes JMP 10028FF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[648] services.exe 00D21628 4 Bytes [20, E2, 01, 10] {AND DL, AH; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[648] services.exe 00D21638 4 Bytes [00, DD, 01, 10] {ADD CH, BL; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[648] services.exe 00D21658 4 Bytes [40, E5, 01, 10] .text C:\Windows\system32\services.exe[648] services.exe 00D21668 4 Bytes [80, DF, 01, 10] .text C:\Windows\system32\services.exe[648] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[648] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[648] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[648] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[648] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[648] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[648] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[648] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[648] RPCRT4.dll!RpcServerRegisterIfEx 7786929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[648] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[648] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[648] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[648] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[664] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[664] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[664] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[664] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[664] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[664] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[664] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[664] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[672] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[672] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[672] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[672] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[672] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[672] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[672] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[672] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[672] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[672] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[864] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[864] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[864] RPCRT4.dll!RpcServerRegisterIfEx 7786929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[864] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[864] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[864] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[864] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[920] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[920] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[920] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[920] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[920] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[920] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[920] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[920] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[920] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[920] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[920] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[920] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[924] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[924] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[924] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[924] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[924] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[924] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[924] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[924] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[924] RPCRT4.dll!RpcServerRegisterIfEx 7786929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[924] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[924] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[924] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[924] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[924] rpcss.dll!WhichService 75463F84 8 Bytes JMP EDF01001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[972] ntdll.dll!NtAllocateVirtualMemory 77CE3FA4 5 Bytes JMP 00534850 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[972] ntdll.dll!NtCreateFile 77CE4244 5 Bytes JMP 0054ECA0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1000] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1000] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1000] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1000] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1000] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1000] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1000] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1000] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1000] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1000] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1000] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehtray.exe[1000] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1048] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1048] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1048] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1048] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1048] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1064] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1064] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1064] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1064] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1064] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1064] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1064] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1064] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1064] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1064] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1064] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1104] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1104] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1104] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1104] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1104] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1104] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1104] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1104] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1104] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1104] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1104] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[1104] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[1108] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[1108] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[1108] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[1108] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[1108] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[1108] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[1108] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[1108] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[1108] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[1108] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[1108] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe[1108] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1148] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1148] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1148] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1148] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1148] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1148] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1148] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1148] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1148] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1148] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1148] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1148] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1192] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1192] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1192] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1192] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1192] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1192] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1192] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1228] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1228] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1228] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1228] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1228] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1228] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1228] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1228] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1228] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1228] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1228] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1240] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1240] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1240] RPCRT4.dll!RpcServerRegisterIfEx 7786929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1240] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1240] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1240] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1240] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1312] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1312] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1312] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1312] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1312] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1312] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1312] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1312] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1336] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[1348] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[1348] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[1348] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[1348] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[1348] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[1348] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[1348] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[1348] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[1348] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[1348] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[1348] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4P\P4P.exe[1348] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe[1396] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1420] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1420] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1420] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1420] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1420] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1420] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1420] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1420] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1420] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1420] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1420] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1420] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1452] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1452] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1452] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1452] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1452] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1452] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1452] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1452] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1452] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1452] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1452] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Ati2evxx.exe[1452] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1484] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1484] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1484] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1484] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1484] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1484] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1768] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1768] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1768] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1768] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1768] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1768] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1768] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1768] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1768] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1768] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1768] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1768] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1780] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1780] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1780] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1780] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1780] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1780] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1780] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1780] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1780] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1780] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1780] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1780] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1804] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1804] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1804] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1804] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1804] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1804] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1804] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1804] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1804] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1804] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1804] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1804] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1888] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1888] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1888] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1888] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1888] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1888] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1888] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1888] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1888] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1888] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1888] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1888] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1896] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1896] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1896] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1896] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1896] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1896] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1896] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1896] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1896] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1896] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1896] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[1896] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1944] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1944] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1944] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1944] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1944] RPCRT4.dll!RpcServerRegisterIfEx 7786929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1944] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1944] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1944] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1944] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2096] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2096] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2096] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2096] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2096] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2096] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2096] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2096] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2096] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2096] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2096] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\SYSTEM32\taskeng.exe[2096] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2116] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 00257F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2116] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 0024D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2116] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 0025B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2116] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 0024D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2116] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 00255070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2116] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 00255C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2116] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 002544D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2116] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 00253BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2116] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 00258D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2116] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 00259D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2116] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 00259E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2116] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 00258AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2124] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2124] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2124] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2124] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2124] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2124] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2124] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2124] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2124] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2124] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2124] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATKOSD2\ATKOSD2.exe[2124] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2132] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2132] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2132] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2132] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2132] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2132] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2132] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2132] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2132] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2132] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2132] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Wireless Console 2\wcourier.exe[2132] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2140] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2140] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2140] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2140] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2140] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2140] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2140] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2140] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2140] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2140] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2140] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\P4G\BatteryLife.exe[2140] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2148] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 01917F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2148] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 0190D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2148] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 0191B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2148] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 0190D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2148] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 01915070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2148] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 01915C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2148] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 01918D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2148] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 01919D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2148] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 01919E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2148] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 01918AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2148] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 019144D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\Splendid\ACMON.exe[2148] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 01913BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2204] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2268] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2268] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2268] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2268] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2268] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2268] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2268] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2268] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2268] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2268] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2268] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2268] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2292] ntdll.dll!NtAllocateVirtualMemory 77CE3FA4 5 Bytes JMP 00780630 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2304] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2304] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2304] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2304] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2304] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2304] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2304] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2304] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2304] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2304] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2304] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\WUDFHost.exe[2304] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[2340] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[2340] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[2340] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[2340] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[2340] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[2340] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[2340] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[2340] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[2340] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[2340] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[2340] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ASScrPro.exe[2340] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[2356] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[2356] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[2356] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[2356] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[2356] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[2356] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[2356] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[2356] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[2356] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[2356] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[2356] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[2356] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2396] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2396] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2396] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2396] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2396] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2396] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2396] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2396] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2396] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2396] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2396] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[2396] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2408] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2408] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2408] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2408] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2408] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2408] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2408] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2408] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2408] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2408] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2408] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\ACEngSvr.exe[2408] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2416] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2416] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2416] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2416] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2416] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2416] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2416] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2416] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2416] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2416] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2416] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2416] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2436] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2436] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2436] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2436] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2436] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2436] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2436] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2436] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2436] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2436] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2436] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2436] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2516] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2516] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2516] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2516] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2516] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2516] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2516] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2516] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2516] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2516] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2516] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2516] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2576] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2576] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2576] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2576] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2576] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2576] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2576] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2576] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2576] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2576] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2576] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\ATKOSD.exe[2576] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2592] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2592] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2592] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2592] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2592] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2592] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2592] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2592] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2592] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2592] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2592] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2592] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2636] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2636] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2636] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2636] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2636] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2636] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2636] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2636] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2636] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2636] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2636] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2636] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2676] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2676] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2676] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2676] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2676] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2676] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2676] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2676] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2676] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2676] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2676] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2676] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2752] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2752] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2752] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2752] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2752] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2752] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2804] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2804] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2804] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2804] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2804] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2804] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2804] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2804] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2804] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2804] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2832] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2832] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2832] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2832] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2832] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2832] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2832] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2832] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2832] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2832] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2832] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[2832] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2896] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2896] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2896] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2896] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2896] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2896] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2896] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2896] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2896] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2896] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2896] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2896] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2944] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2944] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2944] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2944] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2944] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2944] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2944] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2944] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2944] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2944] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2944] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2944] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3004] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3004] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3004] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3004] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3004] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3004] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3004] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3004] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3004] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3004] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3004] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3004] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3064] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3064] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3064] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3064] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3064] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3064] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3064] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3064] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3064] USER32.dll!InSendMessageEx + 4C9 77E4E7C8 7 Bytes JMP 6CA9DF63 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3064] USER32.dll!CreateWindowExW + AA 77E513AF 7 Bytes JMP 6CA9DEF2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3064] USER32.dll!GetWindowInfo 77E5428E 5 Bytes JMP 6C8E4536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3064] USER32.dll!SetMenuItemBitmaps + 71 77E614EE 7 Bytes JMP 6C8E4B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3064] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3064] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3064] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3064] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3072] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3072] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3072] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3072] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3072] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3072] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3072] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3072] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3072] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3072] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3072] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATK Hotkey\KBFiltr.exe[3072] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3100] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3100] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3100] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3100] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3100] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3100] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3100] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3100] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3100] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3100] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3100] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3100] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3144] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3144] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3144] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3144] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3144] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3144] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3144] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3144] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3144] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3144] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3144] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3144] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3344] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3344] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3344] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3344] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3344] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3344] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3344] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3344] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3344] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3344] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3344] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3344] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[3872] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[3872] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[3872] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[3872] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[3872] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[3872] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[3872] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[3872] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[3872] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[3872] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[3872] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\ehome\ehmsas.exe[3872] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3884] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3884] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3884] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3884] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3884] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3884] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3884] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3884] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3884] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3884] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3884] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3884] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4052] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4052] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4052] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4052] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4052] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4052] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4052] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4052] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4052] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4052] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4052] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4052] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[4068] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 00347F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[4068] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 0033D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[4068] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 0034B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[4068] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 0033D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[4068] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 00345070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[4068] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 00345C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[4068] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 00348D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[4068] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 00349D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[4068] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 00349E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[4068] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 00348AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[4068] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 003444D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ASUS\ATK Media\DMedia.exe[4068] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 00343BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[4780] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[4780] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[4780] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[4780] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[4780] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[4780] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[4780] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[4780] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[4780] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[4780] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[4780] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\oem\Desktop\tn4t5lz8.exe[4780] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[4988] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 6C790C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4988] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[4988] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[4988] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[4988] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[4988] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[4988] kernel32.dll!HeapSetInformation + 26 77A0A8C0 7 Bytes JMP 6C793FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4988] kernel32.dll!LockResource + C 77A26B0B 7 Bytes JMP 6C9C7B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4988] kernel32.dll!VirtualAllocEx + 54 77A2AF70 7 Bytes JMP 6C9C7B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4988] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[4988] GDI32.dll!SetStretchBltMode + 256 7710745C 7 Bytes JMP 6C9C7AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4988] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[4988] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[4988] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[4988] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[4988] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5508] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5508] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5508] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5508] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5508] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5508] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5508] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5508] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5508] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5508] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5508] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wuauclt.exe[5508] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conime.exe[5780] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conime.exe[5780] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conime.exe[5780] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conime.exe[5780] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conime.exe[5780] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conime.exe[5780] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conime.exe[5780] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conime.exe[5780] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conime.exe[5780] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conime.exe[5780] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conime.exe[5780] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conime.exe[5780] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtCreateFile + 6 77CE424A 4 Bytes [28, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtCreateFile + B 77CE424F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtCreateKey + 6 77CE428A 4 Bytes [68, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtCreateKey + B 77CE428F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtCreateMutant + 6 77CE42BA 4 Bytes [28, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtCreateMutant + B 77CE42BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtCreateSection + 6 77CE433A 4 Bytes [68, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtCreateSection + B 77CE433F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtMapViewOfSection + 6 77CE499A 4 Bytes [A8, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtMapViewOfSection + B 77CE499F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenFile + 6 77CE4A2A 4 Bytes [68, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenFile + B 77CE4A2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenKey + 6 77CE4A5A 4 Bytes [A8, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenKey + B 77CE4A5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenMutant + B 77CE4A7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenProcess + 6 77CE4AAA 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenProcess + 6 77CE4AAA 4 Bytes [28, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenProcess + B 77CE4AAF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenProcessToken + 6 77CE4ABA 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenProcessToken + 6 77CE4ABA 4 Bytes [68, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenProcessToken + B 77CE4ABF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenProcessTokenEx + 6 77CE4ACA 4 Bytes [28, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenProcessTokenEx + B 77CE4ACF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenSection + 6 77CE4ADA 4 Bytes [A8, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenSection + B 77CE4ADF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenThread + B 77CE4B1F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenThreadToken + 6 77CE4B2A 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenThreadToken + B 77CE4B2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenThreadTokenEx + 6 77CE4B3A 4 Bytes [68, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtOpenThreadTokenEx + B 77CE4B3F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtQueryAttributesFile + 6 77CE4BCA 4 Bytes [A8, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtQueryAttributesFile + B 77CE4BCF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtQueryFullAttributesFile + B 77CE4C7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtSetInformationFile + 6 77CE515A 4 Bytes [28, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtSetInformationFile + B 77CE515F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtSetInformationThread + 6 77CE51AA 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtSetInformationThread + 6 77CE51AA 4 Bytes [A8, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtSetInformationThread + B 77CE51AF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ntdll.dll!NtUnmapViewOfSection + B 77CE544F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] kernel32.dll!OpenEventW 779FC033 5 Bytes JMP 00010070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] kernel32.dll!CreateEventW 77A2B87E 5 Bytes JMP 00010030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!DeleteObject 77105A37 5 Bytes JMP 000801B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!GetDeviceCaps 7710617F 5 Bytes JMP 000803B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!SelectObject 771062A0 5 Bytes JMP 000805F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!SetTextColor 7710666B 5 Bytes JMP 00080A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!SetBkMode 77106716 5 Bytes JMP 000808F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!GetCurrentObject 77106B58 5 Bytes JMP 00080370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!SetStretchBltMode 77107206 5 Bytes JMP 000806B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!SaveDC 771075BA 5 Bytes JMP 00080570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!RestoreDC 77107675 5 Bytes JMP 00080530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!StretchDIBits 771078CF 5 Bytes JMP 00080770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!ExtSelectClipRgn 771079F8 5 Bytes JMP 000802F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!SelectClipRgn 77107AF9 5 Bytes JMP 000805B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!MoveToEx 77107C33 5 Bytes JMP 00080470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!Rectangle 77107EA9 5 Bytes JMP 000809B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!GetTextAlign 771082E0 5 Bytes JMP 00080D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!SetTextAlign 771085CB 5 Bytes JMP 000809F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!ExtTextOutW 7710872B 5 Bytes JMP 00080970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!GetTextMetricsW 77108A81 5 Bytes JMP 00080E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!IntersectClipRect 77108B64 5 Bytes JMP 000803F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!GetClipBox 77109071 5 Bytes JMP 00080330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!SetICMMode 771094E7 5 Bytes JMP 00080DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!CreateICW 7710B2E9 5 Bytes JMP 00080130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!GetTextFaceW 7710B637 5 Bytes JMP 00080D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!GetFontData 7710BA6C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!GetFontData 7710BA6C 5 Bytes JMP 00080C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!GetTextExtentPoint32W 7710C01A 5 Bytes JMP 00080670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!SetWorldTransform 7710C46A 5 Bytes JMP 000806F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!LineTo 7710C65E 5 Bytes JMP 00080430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!GetTextMetricsA 7710CCEB 5 Bytes JMP 00080DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!ExtTextOutA 771100A5 5 Bytes JMP 00080930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!GetTextExtentPoint32A 77110E58 5 Bytes JMP 00080630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!ExtEscape 771122A7 5 Bytes JMP 000802B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!Escape 771127F1 5 Bytes JMP 00080270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!ResetDCW 77113132 5 Bytes JMP 00080AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!EndPage 7711375E 5 Bytes JMP 00080230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!SetPolyFillMode 771161D3 5 Bytes JMP 00080B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!SetMiterLimit 771162E2 5 Bytes JMP 00080B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!GetTextFaceA 7711F4C5 5 Bytes JMP 00080CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!GetGlyphOutlineW 7712A41F 5 Bytes JMP 00080CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!CreateScalableFontResourceW 7712C88B 5 Bytes JMP 00080BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!AddFontResourceW 7712CC93 5 Bytes JMP 00080BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!RemoveFontResourceW 7712D129 5 Bytes JMP 00080C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!AbortDoc 77132CC4 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!EndDoc 771330D8 5 Bytes JMP 000801F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!StartPage 771331C3 5 Bytes JMP 00080730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!StartDocW 77133CA7 5 Bytes JMP 000807F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!BeginPath 77134465 5 Bytes JMP 00080830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!SelectClipPath 771344BC 5 Bytes JMP 00080AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!CloseFigure 77134517 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!EndPath 7713456E 5 Bytes JMP 00080A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!StrokePath 771347A0 5 Bytes JMP 000807B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!FillPath 7713482C 5 Bytes JMP 00080870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!PolylineTo 77134C95 5 Bytes JMP 000804F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!PolyBezierTo 77134D25 5 Bytes JMP 000804B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] GDI32.dll!PolyDraw 77134DD6 5 Bytes JMP 000808B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!SetCursor 77E4D37D 5 Bytes JMP 00090530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!RegisterClipboardFormatW 77E4D6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!RegisterClipboardFormatW 77E4D6AC 5 Bytes JMP 000902B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!ActivateKeyboardLayout 77E5478C 5 Bytes JMP 000904F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!IsWindowVisible 77E5878A 7 Bytes JMP 000906B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!MonitorFromWindow 77E588D4 7 Bytes JMP 00090630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!ScreenToClient 77E58C56 7 Bytes JMP 00090670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!GetClientRect 77E58F0D 7 Bytes JMP 000905B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!GetParent 77E590AA 7 Bytes JMP 000906F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!RegisterClipboardFormatA 77E5A111 5 Bytes JMP 000902F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!PostMessageW 77E5A175 5 Bytes JMP 000905F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!MapWindowPoints 77E5A30D 5 Bytes JMP 00090570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!GetClipboardFormatNameA 77E5A552 5 Bytes JMP 00090270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!GetOpenClipboardWindow 77E626A6 5 Bytes JMP 000903F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!SetClipboardViewer 77E6BA2D 5 Bytes JMP 000904B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!IsClipboardFormatAvailable 77E6C2E3 5 Bytes JMP 000900F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!CloseClipboard 77E6C2F7 5 Bytes JMP 000900B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!OpenClipboard 77E6C31D 5 Bytes JMP 00090070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!GetTopWindow 77E6CE0A 7 Bytes JMP 00090730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!GetClipboardSequenceNumber 77E6D8B7 5 Bytes JMP 00090330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!ChangeClipboardChain 77E6DF83 5 Bytes JMP 00090430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!CountClipboardFormats 77E70048 5 Bytes JMP 000901F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!GetClipboardOwner 77E726EF 5 Bytes JMP 00090370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!SetClipboardData 77E86410 5 Bytes JMP 00090170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!EnumClipboardFormats 77E86D16 5 Bytes JMP 000901B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!SetCursorPos 77E86FB2 5 Bytes JMP 00090770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!GetClipboardData 77E8715A 5 Bytes JMP 00090030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!GetClipboardFormatNameW 77E8A99F 5 Bytes JMP 00090230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!EmptyClipboard 77EA398B 5 Bytes JMP 00090130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!GetClipboardViewer 77EA39ED 5 Bytes JMP 00090470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] USER32.dll!GetPriorityClipboardFormat 77EA3AEF 5 Bytes JMP 000903B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ole32.dll!OleGetClipboard 774074C9 5 Bytes JMP 000A00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ole32.dll!OleSetClipboard 774311E3 5 Bytes JMP 000A0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] ole32.dll!OleIsCurrentClipboard 7743A8F9 5 Bytes JMP 000A0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] Secur32.dll!FreeContextBuffer 761B2D83 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] Secur32.dll!DeleteSecurityContext 761B2F18 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] Secur32.dll!FreeCredentialsHandle 761B3598 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] Secur32.dll!EncryptMessage 761B3745 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] Secur32.dll!DecryptMessage 761B3813 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] Secur32.dll!InitializeSecurityContextA 761B87DF 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] Secur32.dll!AcquireCredentialsHandleA 761B8A43 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] Secur32.dll!QueryContextAttributesA 761B8E77 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] Secur32.dll!ApplyControlToken 761BDE4F 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] Secur32.dll!QueryCredentialsAttributesA 761BE052 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[6024] ntdll.dll!LdrLoadDll 77CA9378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[6024] ntdll.dll!LdrUnloadDll 77CBB680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[6024] ntdll.dll!NtAlpcSendWaitReceivePort 77CE40E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[6024] ntdll.dll!NtClose 77CE4184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[6024] kernel32.dll!CreateProcessW 779E1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[6024] kernel32.dll!CreateProcessA 779E1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[6024] GDI32.dll!DeleteDC 771068CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[6024] GDI32.dll!CreateDCW 7710A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[6024] GDI32.dll!CreateDCA 7710AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[6024] GDI32.dll!GetPixel 7710BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[6024] ADVAPI32.dll!CreateProcessAsUserA 763FCEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[6024] ADVAPI32.dll!CreateProcessAsUserW 76411EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749E7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74A2B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749EBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [749DF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749E75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [749DE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74A173F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [749EDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [749DFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749DFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749D71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A6CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74A0C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749DD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [749D6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749D687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749E2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetKeyState] 000907D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState] 000907D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00090790 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[5900] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 000907D0 ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fc6e02e4a Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fc6e02e4a@303855d27143 0x33 0x63 0x78 0x92 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fc6e02e4a@30385543d271 0xF0 0x55 0x87 0xE9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fc6e02e4a@a0f419d35aa6 0x7E 0x2A 0x12 0xC2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 (null) Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCD 0x36 0x3F 0xDE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x03 0xE4 0x39 0xF4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x68 0xCA 0x24 0x95 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fc6e02e4a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fc6e02e4a@303855d27143 0x33 0x63 0x78 0x92 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fc6e02e4a@30385543d271 0xF0 0x55 0x87 0xE9 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fc6e02e4a@a0f419d35aa6 0x7E 0x2A 0x12 0xC2 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 (null) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCD 0x36 0x3F 0xDE ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x03 0xE4 0x39 0xF4 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x68 0xCA 0x24 0x95 ... ---- Files - GMER 2.1 ---- File C:\ADSM_PData_0150 0 bytes File C:\ADSM_PData_0150\DB 0 bytes File C:\ADSM_PData_0150\DB\SI.db 624 bytes File C:\ADSM_PData_0150\DB\UL.db 16 bytes File C:\ADSM_PData_0150\DB\VL.db 16 bytes File C:\ADSM_PData_0150\DB\_avt 512 bytes File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable File C:\ADSM_PData_0150\_avt 512 bytes File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\401BD433-AD81-450E-A3DD-155EE6E29F30.data 35296 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\401BD433-AD81-450E-A3DD-155EE6E29F30.data.info 148 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes ---- EOF - GMER 2.1 ----