GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-01-15 23:23:22 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250410AS rev.3.AAE Running: tjm5uqv3.exe; Driver: C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\kgndqfow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xACF3A7E6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xACF39D92] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xACF3A44C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xACF3B02A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xACF3CBEE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xACF3CF6C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xACF3977E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xACF3A9D2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xACF3ABDA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xACF39584] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xACF3B7F8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xACF3BA4E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xACF3C620] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xACF3A05A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xACF3A628] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xACF3B01A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xACF391B2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xACF3A2F4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xACF393B6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xACF3BC5C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xACF3C0B0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xACF3BE6E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xACF3B590] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xACF3AE38] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xACF3C90C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xACF3B2F8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xACF39FC4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xACF3A1E0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xACF39B94] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xACF39982] ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9873000, 0x235F87, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA9C9F300, 0x3AE88, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA498300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\Explorer.EXE[212] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[212] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\Explorer.EXE[212] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[212] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[212] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[212] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[212] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[212] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[212] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[212] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 02111102 C:\Program Files\Unlocker\UnlockerHook.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002AE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002AE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002A430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002A3E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002AD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002ADE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002A6F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002A480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002ACC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002AA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002ABC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!CopyFileExA 7C85F39C 1 Byte [E9] .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[276] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[472] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[472] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[472] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[472] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[472] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[472] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[472] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[472] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[472] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[472] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[472] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[472] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[528] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[528] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[528] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[528] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[528] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[528] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[528] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[528] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[528] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[528] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[528] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[536] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[536] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[536] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[536] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[536] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[536] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[536] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[536] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[536] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[536] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[536] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[596] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[596] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\RTHDCPL.EXE[596] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[596] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[596] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[596] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[596] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[596] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[596] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[596] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[596] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[616] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[616] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\notepad.exe[616] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[616] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[616] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[616] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[616] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[616] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[616] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[616] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[616] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[616] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[616] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[616] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[648] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[648] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[648] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[648] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[648] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[648] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[648] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[648] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[648] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[648] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[648] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[648] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[648] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[648] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[656] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[656] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[656] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[656] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Unlocker\UnlockerAssistant.exe[700] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Unlocker\UnlockerAssistant.exe[700] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Unlocker\UnlockerAssistant.exe[700] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Unlocker\UnlockerAssistant.exe[700] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Unlocker\UnlockerAssistant.exe[700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Unlocker\UnlockerAssistant.exe[700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Unlocker\UnlockerAssistant.exe[700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Unlocker\UnlockerAssistant.exe[700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Unlocker\UnlockerAssistant.exe[700] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Unlocker\UnlockerAssistant.exe[700] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Unlocker\UnlockerAssistant.exe[700] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Unlocker\UnlockerAssistant.exe[700] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Unlocker\UnlockerAssistant.exe[700] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Unlocker\UnlockerAssistant.exe[700] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\csrss.exe[880] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\csrss.exe[880] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1132] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1132] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\Ati2evxx.exe[1132] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1132] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1132] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1132] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1132] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1132] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1132] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1132] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1152] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1152] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1152] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1152] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1152] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] rpcss.dll!WhichService 76A64234 8 Bytes JMP ED501001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1248] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00530250 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1248] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00549CD0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1276] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1276] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1276] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1276] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1276] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1340] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 041BD080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1340] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [8B, 87] .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1340] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 041CBB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1340] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 041CB860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 041C7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 041BD1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 041C4F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 041C5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1340] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 041C8BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1340] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 041C8990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1340] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 041C9CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1340] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 041C9BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1340] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 041C3A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1340] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 041C4390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1364] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1364] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1364] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1364] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1364] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1364] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1364] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1364] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1364] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1364] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1364] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1364] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1396] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 00B2D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1396] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [22, 84] .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1396] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00B3BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1396] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00B3B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B37DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00B2D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B34F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B35AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1396] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00B38BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1396] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00B38990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1396] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00B39CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1396] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00B39BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1396] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00B33A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1396] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00B34390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1428] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1428] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1428] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1428] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1428] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1428] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1428] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1428] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1428] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1428] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1428] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Właściciel\Pulpit\tjm5uqv3.exe[1432] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Właściciel\Pulpit\tjm5uqv3.exe[1432] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Documents and Settings\Właściciel\Pulpit\tjm5uqv3.exe[1432] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Właściciel\Pulpit\tjm5uqv3.exe[1432] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Właściciel\Pulpit\tjm5uqv3.exe[1432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Właściciel\Pulpit\tjm5uqv3.exe[1432] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Właściciel\Pulpit\tjm5uqv3.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Właściciel\Pulpit\tjm5uqv3.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Właściciel\Pulpit\tjm5uqv3.exe[1432] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Właściciel\Pulpit\tjm5uqv3.exe[1432] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Właściciel\Pulpit\tjm5uqv3.exe[1432] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Właściciel\Pulpit\tjm5uqv3.exe[1432] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Właściciel\Pulpit\tjm5uqv3.exe[1432] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Właściciel\Pulpit\tjm5uqv3.exe[1432] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1436] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1436] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1436] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1436] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1456] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1456] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\notepad.exe[1456] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1456] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1456] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1456] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1456] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1456] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1456] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1456] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1460] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1460] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1460] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1460] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1608] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1608] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\spoolsv.exe[1608] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1608] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1608] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1608] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1608] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1608] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1608] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1608] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1692] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1692] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\ctfmon.exe[1692] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1692] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1692] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1692] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1692] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1692] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1692] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1692] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1732] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1748] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1748] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\Ati2evxx.exe[1748] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1748] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1748] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1748] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1748] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1748] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1748] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1748] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1748] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1748] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ANIWConnService.exe[1828] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ANIWConnService.exe[1828] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\ANIWConnService.exe[1828] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ANIWConnService.exe[1828] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ANIWConnService.exe[1828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ANIWConnService.exe[1828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ANIWConnService.exe[1828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ANIWConnService.exe[1828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ANIWConnService.exe[1828] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ANIWConnService.exe[1828] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ANIWConnService.exe[1828] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ANIWConnService.exe[1828] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ANIWConnService.exe[1828] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ANIWConnService.exe[1828] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1940] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1940] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1940] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1940] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1940] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1940] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1940] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1940] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1940] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1940] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1940] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1940] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1976] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1976] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1976] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1976] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1976] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1976] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1976] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1976] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1976] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1976] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[2004] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[2004] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Java\jre6\bin\jqs.exe[2004] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[2004] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[2004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[2004] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[2004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[2004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[2004] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[2004] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[2004] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[2004] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[2004] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[2004] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002AE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002AE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002A430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002A3E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002AD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002ADE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002A6F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002A480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002ACC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002AA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002ABC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!CopyFileExA 7C85F39C 1 Byte [E9] .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002A940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002A960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002A9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2140] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002A980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\uTorrent\uTorrent.exe[2236] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\uTorrent\uTorrent.exe[2236] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\uTorrent\uTorrent.exe[2236] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\uTorrent\uTorrent.exe[2236] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\uTorrent\uTorrent.exe[2236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\uTorrent\uTorrent.exe[2236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\uTorrent\uTorrent.exe[2236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\uTorrent\uTorrent.exe[2236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\uTorrent\uTorrent.exe[2236] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\uTorrent\uTorrent.exe[2236] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\uTorrent\uTorrent.exe[2236] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\uTorrent\uTorrent.exe[2236] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\uTorrent\uTorrent.exe[2236] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\uTorrent\uTorrent.exe[2236] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2328] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 012CD080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2328] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [9C, 84] .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2328] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 012DBB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2328] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 012DB860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2328] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012D7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2328] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 012CD1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012D4F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012D5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2328] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 012D3A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2328] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 012D4390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2328] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 012D8BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2328] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 012D8990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2328] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 012D9CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2328] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 012D9BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 00C8D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [38, 84] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00C9BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00C9B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C97DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00C8D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C94F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C95AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00C93A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00C94390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00C98BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00C98990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00C99CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00C99BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 106ACCFA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 106ACC8C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1045E78C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2364] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 1045ED49 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Gadu-Gadu 10\gg.exe[2372] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 0297D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[2372] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [07, 86] .text C:\Program Files\Gadu-Gadu 10\gg.exe[2372] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0298BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[2372] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0298B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[2372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 02987DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[2372] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0297D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[2372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02984F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[2372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02985AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[2372] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 02988BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[2372] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 02988990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[2372] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 02989CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[2372] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 02989BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[2372] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 02983A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[2372] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 02984390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2492] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2492] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2492] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2492] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2492] ADVAPI32.DLL!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2492] ADVAPI32.DLL!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2492] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2492] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2492] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2492] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2736] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2736] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2736] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2736] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2736] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2736] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2736] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2736] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2736] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2736] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2736] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2896] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2896] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\System32\alg.exe[2896] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2896] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2896] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2896] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2896] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2896] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2896] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2896] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002AE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002AE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002A430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002A3E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002AD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002ADE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002A6F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002A480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002ACC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002AA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002ABC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!CopyFileExA 7C85F39C 1 Byte [E9] .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002A940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002A960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002A9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002A980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\swriter.exe[3280] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3456] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3456] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95} .text C:\WINDOWS\System32\svchost.exe[3456] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3456] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3456] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3456] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3456] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3456] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3456] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[3456] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9E57750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9E57820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E577F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9E577B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9E577B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9E57820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9E57750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E577F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E577F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9E577B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9E57820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9E57750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9E577B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9E577F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9E57750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9E57820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9E57750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9E57820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9E577B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E577F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9E577B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9E57820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9E57750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9E577B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E577F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9E57750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9E57820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\0\B5\588E3d01 0 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\3\9B\4104Cm01 0 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\3\A2\CBDF1m01 0 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\7\D8\82DA2d01 2610 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\7\D8\82DA2m01 3182 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\9\47\884BFm01 0 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\A\81\02BC5m01 0 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\A\86\03F70m01 3186 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\A\8A\F3A10d01 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes ---- EOF - GMER 1.0.15 ----