GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-26 21:35:37
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HTS541010G9AT00 rev.MBZOA60A
Running: fg7ndl6h.exe; Driver: C:\Users\BROWAR\AppData\Local\Temp\ufdiipob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8AC40FA6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8AC41192]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8AC40306]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8AC40C0C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8AC409C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8AC41D0A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8AC3FCF2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8AC413C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8AC4173C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8AC405CE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8AC40DE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8AC40868]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8AC41A28]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8AC40538]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8AC40754]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8AC40108]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8AC3FEF6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 81A76369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81AAFD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 81AB6D8C 4 Bytes [A6, 0F, C4, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 81AB6DB4 4 Bytes [92, 11, C4, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 81AB6E48 4 Bytes [06, 03, C4, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 81AB6E64 4 Bytes [0C, 0C, C4, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81AB6EAC 4 Bytes [C0, 09, C4, 8A]
.text ...
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA2B04300, 0x1B7E, 0xE8000020]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 AAB97000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 AAB97123 629 Bytes [25, B9, AA, FE, 05, 34, 25, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 AAB97399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F AAB973FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B AAB974AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
.text advapi32.dll!CreateProcessAsUserA 77212538 5 Bytes [E9, 53, 1E, E1, 98] {JMP 0xffffffff98e11e58} .text gdi32.dll!DeleteDC 76DF6EAA 5 Bytes [E9, 11, 1D, 23, 99] {JMP 0xffffffff99231d16} .text gdi32.dll!GetPixel 76DFC3D5 5 Bytes [E9, B6, C5, 22, 99] {JMP 0xffffffff9922c5bb} .text gdi32.dll!CreateDCA 76DFCCA9 5 Bytes [E9, 12, D0, 22, 99] {JMP 0xffffffff9922d017} .text gdi32.dll!CreateDCW 76DFCF79 5 Bytes [E9, 42, CC, 22, 99] {JMP 0xffffffff9922cc47} .text kernel32.dll!CreateProcessW 75C0204D 5 Bytes [E9, DE, 2E, 42, 9A] {JMP 0xffffffff9a422ee3} .text kernel32.dll!CreateProcessA 75C02082 5 Bytes [E9, 39, 3A, 42, 9A] {JMP 0xffffffff9a423a3e} .text kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes [E9, AC, E0, 3E, 9A] {JMP 0xffffffff9a3ee0b1} ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\csrss.exe[376] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 75231BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[376] ntdll.dll!NtReplyWaitReceivePort 77096418 5 Bytes JMP 75231450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[376] ntdll.dll!NtReplyWaitReceivePortEx 77096428 5 Bytes JMP 752317F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Windows\system32\wininit.exe[436] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!RegisterRawInputDevices 75FB5B52 5 Bytes JMP 10018E60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SystemParametersInfoA 75FB80E0 7 Bytes JMP 1001C5F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SetParent 75FB8314 5 Bytes JMP 100188E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!EnableWindow 75FB8D02 5 Bytes JMP 10017E00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!MoveWindow 75FB8D29 5 Bytes JMP 10018B80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!GetAsyncKeyState 75FBA256 5 Bytes JMP 10019080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!RegisterHotKey 75FBAA19 5 Bytes JMP 100180A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!PostThreadMessageA 75FBAD09 5 Bytes JMP 1001B8E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SendMessageA 75FBAD60 5 Bytes JMP 1001B3A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) 
.text C:\Windows\system32\wininit.exe[436] USER32.dll!PostMessageA 75FBB446 5 Bytes JMP 1001BE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SendNotifyMessageW 75FBC88A 5 Bytes JMP 1001A0C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SystemParametersInfoW 75FBE09A 7 Bytes JMP 1001C3D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SetWindowsHookExW 75FBE30C 1 Byte [E9] .text C:\Windows\system32\wininit.exe[436] USER32.dll!SetWindowsHookExW 75FBE30C 5 Bytes JMP 1001C810 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SendMessageTimeoutW 75FBE459 5 Bytes JMP 1001AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!PostThreadMessageW 75FBEEFC 5 Bytes JMP 1001B640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SetWinEventHook 75FC24DC 5 Bytes JMP 1001C0C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!GetKeyState 75FC2B4D 5 Bytes JMP 10019330 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SendMessageCallbackW 75FC2F7B 5 Bytes JMP 1001A600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!PostMessageW 75FC447B 5 Bytes JMP 1001BB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SendMessageW 75FC5539 5 Bytes JMP 1001B100 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!GetClipboardData 
75FD2BA7 5 Bytes JMP 100182D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SendNotifyMessageA 75FD493C 5 Bytes JMP 1001A360 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!mouse_event 75FD6209 5 Bytes JMP 10029670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SetClipboardViewer 75FD6FF6 5 Bytes JMP 100186E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SendDlgItemMessageW 75FD70D8 5 Bytes JMP 10019B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SendDlgItemMessageA 75FD7241 5 Bytes JMP 10019E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!GetKeyboardState 75FE6946 5 Bytes JMP 100195E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!BlockInput 75FE6A99 5 Bytes JMP 100184E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SetWindowsHookExA 75FE6D0C 5 Bytes JMP 1001CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SendMessageTimeoutA 75FE6DA9 5 Bytes JMP 1001AE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SendInput 75FE7019 5 Bytes JMP 10019890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!ExitWindowsEx 760006C7 5 Bytes JMP 10017BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!keybd_event 
7600EC3B 5 Bytes JMP 10029880 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] USER32.dll!SendMessageCallbackA 76013E8B 5 Bytes JMP 1001A8C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] GDI32.dll!BitBlt 76DF72C0 5 Bytes JMP 100293E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] GDI32.dll!MaskBlt 76DFC7AD 5 Bytes JMP 10029130 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] GDI32.dll!StretchBlt 76DFF467 5 Bytes JMP 10028C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] GDI32.dll!PlgBlt 76E10F73 5 Bytes JMP 10028EA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[436] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[444] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 75231BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[444] ntdll.dll!NtReplyWaitReceivePort 77096418 5 Bytes JMP 75231450 
C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[444] ntdll.dll!NtReplyWaitReceivePortEx 77096428 5 Bytes JMP 752317F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[468] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[468] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[468] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[468] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[468] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[468] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[468] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[468] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[468] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[468] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[468] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[468] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[524] services.exe 006A1608 4 Bytes [80, E1, 01, 10] .text C:\Windows\system32\services.exe[524] services.exe 006A1618 4 Bytes [60, DC, 01, 10] .text C:\Windows\system32\services.exe[524] services.exe 006A1638 4 Bytes [A0, E4, 01, 10] .text C:\Windows\system32\services.exe[524] services.exe 006A1648 4 Bytes [E0, DE, 01, 10] {LOOPNZ 0xffffffffffffffe0; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[524] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[524] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[524] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[524] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[524] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[524] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[524] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[524] 
RPCRT4.dll!RpcServerRegisterIfEx 75D809BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[524] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[524] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[524] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[524] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[524] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[540] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[540] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[540] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[540] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[540] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[540] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[540] kernel32.dll!CreateProcessAsUserW 
75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[540] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[540] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[540] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[540] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[540] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[548] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[548] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[548] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[548] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[548] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[548] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[548] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[548] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[548] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[548] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[548] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[548] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[672] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[672] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[672] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[672] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[672] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[672] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[672] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Windows\system32\svchost.exe[672] RPCRT4.dll!RpcServerRegisterIfEx 75D809BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[672] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[672] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[672] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[672] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[672] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[744] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[744] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[744] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[744] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[744] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[744] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Windows\system32\svchost.exe[744] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[744] RPCRT4.dll!RpcServerRegisterIfEx 75D809BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[744] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[744] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[744] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[744] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[744] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[744] rpcss.dll!CoGetComCatalog 747635EC 8 Bytes JMP ED501001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[792] ntdll.dll!NtAllocateVirtualMemory 770952D8 5 Bytes JMP 00530250 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[792] ntdll.dll!NtCreateFile 770955C8 5 Bytes JMP 00549CD0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[956] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[956] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Windows\System32\svchost.exe[956] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[956] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[956] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[956] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[956] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[956] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[992] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[992] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Windows\System32\svchost.exe[992] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[992] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[992] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[992] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[992] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[992] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[992] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[992] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[992] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[992] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1032] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1032] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Windows\system32\svchost.exe[1032] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1032] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1032] RPCRT4.dll!RpcServerRegisterIfEx 75D809BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1032] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1032] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1032] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1032] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1092] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Windows\system32\AUDIODG.EXE[1092] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1092] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1092] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1092] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1092] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1092] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1092] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1092] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1092] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1092] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1092] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1172] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1172] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1172] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1172] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1172] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1172] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1172] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1172] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1172] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1208] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1208] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1208] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1208] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1208] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1208] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1208] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1208] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1208] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1208] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1208] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java 
Update\jusched.exe[1208] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] ntdll.dll!NtAllocateVirtualMemory 770952D8 5 Bytes JMP 007752B0 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1264] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1264] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1264] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1264] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1264] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1264] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1264] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1264] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1264] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1264] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 
C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1264] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1264] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1368] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1368] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1368] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1368] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1368] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1368] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1368] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1368] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1368] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1368] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1368] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1368] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1476] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1476] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1476] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1476] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1476] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1476] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1476] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1476] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1476] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1476] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1476] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1476] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1496] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1496] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1496] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1496] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1496] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1496] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1496] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1496] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1496] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1496] GDI32.dll!GetPixel 
76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1496] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1496] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 
C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1532] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1568] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1568] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1568] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1568] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1568] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1568] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1568] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1568] RPCRT4.dll!RpcServerRegisterIfEx 75D809BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1568] 
GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1568] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1568] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1568] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1568] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1604] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1604] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1604] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1604] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1604] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1604] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1604] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1604] 
GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1604] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1604] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1604] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1604] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1636] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1636] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1636] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1636] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1636] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1636] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1636] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Windows\system32\wbem\wmiprvse.exe[1636] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1636] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1636] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1636] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1636] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1720] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 0056B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1720] ntdll.dll!NtClose 770954C8 5 Bytes JMP 0055D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1720] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 0055D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1720] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 00567DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1720] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 00564F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1720] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 00565AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1720] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 00563A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Windows\System32\hkcmd.exe[1720] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 00568BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1720] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 00568990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1720] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 00569CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1720] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 00569BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1720] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 00564390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] 
kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1764] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1880] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1880] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1880] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1880] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1880] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1880] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1880] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1880] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1880] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1880] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1880] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1880] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1916] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1916] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1916] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1916] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1916] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1916] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 
C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1916] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1916] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1916] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1916] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1916] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1916] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1936] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1936] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1936] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1936] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1936] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1936] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1936] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1936] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1936] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1936] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1936] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1936] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Acer\Empowering Technology\ePower\ePowerSvc.exe[1956] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Acer\Empowering Technology\ePower\ePowerSvc.exe[1956] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Acer\Empowering Technology\ePower\ePowerSvc.exe[1956] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Acer\Empowering Technology\ePower\ePowerSvc.exe[1956] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 
C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Acer\Empowering Technology\ePower\ePowerSvc.exe[1956] KERNEL32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Acer\Empowering Technology\ePower\ePowerSvc.exe[1956] KERNEL32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Acer\Empowering Technology\ePower\ePowerSvc.exe[1956] KERNEL32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Acer\Empowering Technology\ePower\ePowerSvc.exe[1956] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Acer\Empowering Technology\ePower\ePowerSvc.exe[1956] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Acer\Empowering Technology\ePower\ePowerSvc.exe[1956] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Acer\Empowering Technology\ePower\ePowerSvc.exe[1956] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Acer\Empowering Technology\ePower\ePowerSvc.exe[1956] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2112] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2112] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2112] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 
C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2112] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2112] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2112] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2112] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2112] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2112] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2112] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2112] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2112] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[2164] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[2164] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[2164] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 
1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[2164] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[2164] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[2164] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[2164] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[2164] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[2164] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[2164] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[2164] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[2164] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fg7ndl6h.exe[2380] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fg7ndl6h.exe[2380] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fg7ndl6h.exe[2380] 
ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fg7ndl6h.exe[2380] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fg7ndl6h.exe[2380] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fg7ndl6h.exe[2380] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fg7ndl6h.exe[2380] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fg7ndl6h.exe[2380] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fg7ndl6h.exe[2380] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fg7ndl6h.exe[2380] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fg7ndl6h.exe[2380] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fg7ndl6h.exe[2380] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2728] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2728] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2728] 
ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2728] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2728] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2728] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2728] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2728] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2728] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2728] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2728] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2728] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[2752] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[2752] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[2752] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[2752] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[2752] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[2752] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[2752] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[2752] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[2752] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[2752] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[2752] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[2752] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2796] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2796] 
ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2796] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2796] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2796] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2796] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2796] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2796] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2796] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2796] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2796] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2796] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2952] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2952] ntdll.dll!NtClose 
770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2952] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2952] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2952] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2952] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2952] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2952] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2952] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2952] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2952] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2952] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!NtAllocateVirtualMemory 770952D8 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] 
ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!NtCreateFile 770955C8 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!NtCreateProcess 77095698 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!NtCreateProcessEx 770956A8 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!NtDeleteFile 77095808 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!NtFreeVirtualMemory 770959D8 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!NtLoadDriver 77095B58 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!NtOpenFile 77095CD8 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!NtProtectVirtualMemory 77095F18 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!NtSetInformationProcess 77096678 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] 
ntdll.dll!NtUnloadDriver 77096958 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!NtWriteVirtualMemory 77096A98 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!KiUserExceptionDispatcher 77097008 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!RtlAllocateHeap 770A2DD6 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!LdrGetProcedureAddress 770B228D 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 6A5AB750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!CopyFileW 75C36AF7 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] 
kernel32.dll!CopyFileExW 75C3B238 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!DeleteFileW 75C416EF 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!VirtualProtect 75C42BCD 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!DeleteFileA 75C44382 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!LoadLibraryExA 75C44466 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!LoadLibraryExW 75C45079 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!MoveFileWithProgressW 75C48D8C 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!MoveFileExW 75C48DB0 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!GetProcAddress 75C4CC94 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!GetModuleHandleW 75C4CCAC 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!GetModuleHandleA 75C4D8F3 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] 
kernel32.dll!LoadLibraryA 75C4DC65 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!CreateFileW 75C4E8A5 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!CreateFileA 75C4EA61 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!LoadLibraryW 75C4EF42 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!OpenFile 75C5D54F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!MoveFileExA 75C63F78 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!MoveFileWithProgressA 75C63F98 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!CopyFileA 75C66D5A 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!MoveFileW 75C66ED6 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!MoveFileA 75C8BF49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!CopyFileExA 75C8CDA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!WinExec 75C8EDB2 5 Bytes 
JMP 1002A9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!LoadModule 75C8F29D 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3328] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3328] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3328] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3328] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3328] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Windows\system32\svchost.exe[3328] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3328] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3328] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3328] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3328] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3328] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\sppsvc.exe[3968] ntdll.dll!NtAlpcSendWaitReceivePort 77095418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\sppsvc.exe[3968] ntdll.dll!NtClose 770954C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\sppsvc.exe[3968] ntdll.dll!LdrUnloadDll 770AC8DE 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\sppsvc.exe[3968] ntdll.dll!LdrLoadDll 770B22B8 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\sppsvc.exe[3968] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\sppsvc.exe[3968] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\sppsvc.exe[3968] kernel32.dll!CreateProcessAsUserW 75C359AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\sppsvc.exe[3968] ADVAPI32.dll!CreateProcessAsUserA 77212538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\sppsvc.exe[3968] GDI32.dll!DeleteDC 76DF6EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\sppsvc.exe[3968] GDI32.dll!GetPixel 76DFC3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\sppsvc.exe[3968] GDI32.dll!CreateDCA 76DFCCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\sppsvc.exe[3968] GDI32.dll!CreateDCW 76DFCF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [006573C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00656AA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [006574C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00657380] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00657440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00657550] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00657400] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [00656200] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [00656B30] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [00656BF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [006561A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [00656690] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [00656600] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [00656CB0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [00656250] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [00657180] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawEdge] [00657130] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [00656450] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [00656E30] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [00656F70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [00656340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [006564C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollPos] [006562B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [006561A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [USER32.dll!RegisterClassW] [00656BF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [006570B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [00656690] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [00656CB0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!DeleteObject] [00656200] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00657380] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [006573C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00657440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00657550] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00657380] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [006573C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [00657400] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\ole32.dll [GDI32.dll!DeleteObject] [00656200] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [006564C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [006561A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSystemMetrics] [00656CB0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [00656E30] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\ole32.dll [USER32.dll!RegisterClassW] [00656BF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [00656690] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [006573C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00657380] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00657440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00657400] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00657380] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1248] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00657550] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:4012] AABA4F2E

---- EOF - GMER 1.0.15 ----