GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-02-27 16:50:57 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542580K9SA00 rev.BBBOC31P Running: whk19gqt.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8CC18F80] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8CC1916C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8CC182E0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8CC18BE6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8CC1899A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8CC19CE4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8CC17CCC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8CC19716] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8CC185A8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8CC18DC2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8CC18842] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8CC19A02] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8CC18512] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8CC1872E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8CC180E2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8CC17ED0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8CC1939A] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\RtHDVCpl.exe[124] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[124] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[124] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[124] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[124] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[124] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[124] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[124] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[124] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[124] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[124] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\RtHDVCpl.exe[124] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[340] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[340] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[340] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[340] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[340] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[340] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[340] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[340] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[340] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[340] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[340] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[340] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[520] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[520] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[520] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[520] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[520] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[520] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[520] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[520] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[520] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[520] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[520] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[520] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[552] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 75BA1BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[552] ntdll.dll!NtReplyWaitReceivePort 77614F74 5 Bytes JMP 75BA1450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[552] ntdll.dll!NtReplyWaitReceivePortEx 77614F84 5 Bytes JMP 75BA17F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[556] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[556] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[556] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[556] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[556] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[556] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[556] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[556] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[556] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[556] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[556] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[556] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!RegisterRawInputDevices 76066161 5 Bytes JMP 10018E60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SetWindowsHookExA 76066322 5 Bytes JMP 1001CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SystemParametersInfoA 760682E1 7 Bytes JMP 1001C5F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!GetAsyncKeyState 7606863C 5 Bytes JMP 10019080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SetWindowsHookExW 760687AD 5 Bytes JMP 1001C810 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SendNotifyMessageW 760693D6 5 Bytes JMP 1001A0C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!MoveWindow 7606989F 5 Bytes JMP 10018B80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SetWinEventHook 76069F3A 5 Bytes JMP 1001C0C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SetParent 7606A2AA 5 Bytes JMP 100188E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!PostThreadMessageA 7606BD34 5 Bytes JMP 1001B8E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!GetKeyboardState 7606BD7D 5 Bytes JMP 100195E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!RegisterHotKey 7606BDA5 5 Bytes JMP 100180A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!EnableWindow 7606CD8B 5 Bytes JMP 10017E00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!PostMessageA 7606F8F8 5 Bytes JMP 1001BE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SendMessageA 7606F956 5 Bytes JMP 1001B3A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SendMessageTimeoutW 7607352D 5 Bytes JMP 1001AB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SendMessageCallbackW 76074570 5 Bytes JMP 1001A600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!PostThreadMessageW 76077C8E 5 Bytes JMP 1001B640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!GetKeyState 76078CB1 5 Bytes JMP 10019330 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!PostMessageW 7607A175 5 Bytes JMP 1001BB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SendMessageW 76080AED 5 Bytes JMP 1001B100 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SystemParametersInfoW 760811D8 7 Bytes JMP 1001C3D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SendDlgItemMessageA 7608275B 5 Bytes JMP 10019E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SetClipboardViewer 7608BA2D 5 Bytes JMP 100186E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SendNotifyMessageA 7608DFCF 5 Bytes JMP 1001A360 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!BlockInput 7608FF0A 5 Bytes JMP 100184E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SendMessageTimeoutA 76090006 5 Bytes JMP 1001AE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!mouse_event 7609044E 5 Bytes JMP 10029670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SendDlgItemMessageW 76090E38 5 Bytes JMP 10019B60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SendInput 76092F75 5 Bytes JMP 10019890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!GetClipboardData 760A715A 5 Bytes JMP 100182D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!ExitWindowsEx 760AB7C3 5 Bytes JMP 10017BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!keybd_event 760BD972 5 Bytes JMP 10029880 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] USER32.dll!SendMessageCallbackA 760C2CA7 5 Bytes JMP 1001A8C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] GDI32.dll!BitBlt 765A70A6 5 Bytes JMP 100293E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] GDI32.dll!StretchBlt 765A93D6 5 Bytes JMP 10028C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] GDI32.dll!MaskBlt 765AC5CB 5 Bytes JMP 10029130 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[600] GDI32.dll!PlgBlt 765BEB50 5 Bytes JMP 10028EA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[612] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 75BA1BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[612] ntdll.dll!NtReplyWaitReceivePort 77614F74 5 Bytes JMP 75BA1450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\csrss.exe[612] ntdll.dll!NtReplyWaitReceivePortEx 77614F84 5 Bytes JMP 75BA17F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[652] services.exe 00291628 4 Bytes [80, E1, 01, 10] .text C:\Windows\system32\services.exe[652] services.exe 00291638 4 Bytes [60, DC, 01, 10] .text C:\Windows\system32\services.exe[652] services.exe 00291658 4 Bytes [A0, E4, 01, 10] .text C:\Windows\system32\services.exe[652] services.exe 00291668 4 Bytes [E0, DE, 01, 10] {LOOPNZ 0xffffffffffffffe0; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[652] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[652] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[652] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[652] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[652] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[652] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[652] RPCRT4.dll!RpcServerRegisterIfEx 764C929C 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[652] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[652] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[652] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[652] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[696] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[696] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[696] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[696] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[696] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[696] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[696] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[696] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[696] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[696] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[696] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[696] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[708] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[708] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[708] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[708] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[708] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[708] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[708] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[708] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[708] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[708] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[708] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[708] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] RPCRT4.dll!RpcServerRegisterIfEx 764C929C 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[856] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[912] ntdll.dll!NtAllocateVirtualMemory 77613FA4 5 Bytes JMP 007752B0 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] RPCRT4.dll!RpcServerRegisterIfEx 764C929C 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] rpcss.dll!WhichService 74E83F84 8 Bytes JMP ED501001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[984] ntdll.dll!NtAllocateVirtualMemory 77613FA4 5 Bytes JMP 00530250 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[984] ntdll.dll!NtCreateFile 77614244 5 Bytes JMP 00549CD0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1084] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1084] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1084] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1084] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1140] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1140] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1140] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1140] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1140] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1140] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1164] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1164] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1164] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1164] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1164] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1164] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1164] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1164] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1164] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1176] RPCRT4.dll!RpcServerRegisterIfEx 764C929C 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1176] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1176] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1176] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1176] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1252] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1252] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1252] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1252] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1252] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1252] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1252] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1252] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1252] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1252] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1252] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[1252] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1276] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1276] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1276] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1276] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1276] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1276] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1276] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1276] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[1328] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[1328] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[1328] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[1328] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[1328] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[1328] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[1328] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[1328] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[1328] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[1328] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[1328] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[1328] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1496] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 00D17DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1496] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 00D0D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1496] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 00D1B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1496] ntdll.dll!NtClose 77614184 5 Bytes JMP 00D0D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1496] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 00D14F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1496] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 00D15AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1496] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 00D14390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1496] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 00D13A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1496] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 00D18BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1496] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 00D19BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1496] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 00D19CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1496] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 00D18990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1576] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 003A7DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1576] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 0039D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1576] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 003AB520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1576] ntdll.dll!NtClose 77614184 5 Bytes JMP 0039D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1576] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 003A4F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1576] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 003A5AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1576] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 003A8BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1576] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 003A9BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1576] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 003A9CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1576] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 003A8990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1576] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 003A4390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1576] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 003A3A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[1588] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 002B7DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[1588] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 002AD1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[1588] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 002BB520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[1588] ntdll.dll!NtClose 77614184 5 Bytes JMP 002AD080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[1588] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 002B4F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[1588] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 002B5AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[1588] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 002B8BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[1588] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 002B9BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[1588] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 002B9CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[1588] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 002B8990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[1588] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 002B4390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[1588] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 002B3A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1736] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1736] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1736] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1736] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1736] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1736] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1736] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1736] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1736] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1736] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1736] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1736] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1764] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1764] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1764] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1764] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1764] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1764] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1764] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1764] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1764] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1764] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1764] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1764] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1772] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1772] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1772] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1772] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1772] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1772] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1772] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1772] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1772] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1772] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1772] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1772] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\Desktop\Nowy folder\whk19gqt.exe[1800] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\Desktop\Nowy folder\whk19gqt.exe[1800] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\Desktop\Nowy folder\whk19gqt.exe[1800] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\Desktop\Nowy folder\whk19gqt.exe[1800] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\Desktop\Nowy folder\whk19gqt.exe[1800] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\Desktop\Nowy folder\whk19gqt.exe[1800] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\Desktop\Nowy folder\whk19gqt.exe[1800] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\Desktop\Nowy folder\whk19gqt.exe[1800] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\Desktop\Nowy folder\whk19gqt.exe[1800] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\Desktop\Nowy folder\whk19gqt.exe[1800] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\Desktop\Nowy folder\whk19gqt.exe[1800] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\Desktop\Nowy folder\whk19gqt.exe[1800] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1932] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1932] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1932] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1932] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1932] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1932] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1932] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1932] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[1940] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[1940] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[1940] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[1940] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[1940] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[1940] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[1940] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[1940] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[1940] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[1940] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[1940] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[1940] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1968] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1968] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1968] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1968] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1968] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1968] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1968] RPCRT4.dll!RpcServerRegisterIfEx 764C929C 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1968] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1968] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1968] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1968] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\agrsmsvc.exe[1988] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\agrsmsvc.exe[1988] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\agrsmsvc.exe[1988] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\agrsmsvc.exe[1988] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\agrsmsvc.exe[1988] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\agrsmsvc.exe[1988] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\agrsmsvc.exe[1988] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\agrsmsvc.exe[1988] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\agrsmsvc.exe[1988] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\agrsmsvc.exe[1988] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\agrsmsvc.exe[1988] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\agrsmsvc.exe[1988] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2120] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2120] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2120] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2120] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2120] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2120] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2120] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2120] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2120] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2120] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2120] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2120] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2132] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2132] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2132] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2132] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2132] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2132] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2132] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2132] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2132] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2132] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2132] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[2132] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2304] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2304] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2304] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2304] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2304] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2304] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2304] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2304] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2304] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2304] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2328] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2328] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2328] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2328] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2328] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2328] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2328] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2328] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2328] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2328] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2328] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2328] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2388] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2388] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2388] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2388] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2388] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2388] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2388] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2388] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2456] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2456] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2456] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2456] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2456] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2456] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2456] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2456] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2456] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2456] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2456] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2456] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2588] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2588] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2588] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2588] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2588] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2588] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2588] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2588] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2588] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2588] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2588] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2588] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2600] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2600] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2600] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2600] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2600] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2600] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2600] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2600] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2600] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2600] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2600] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2600] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2628] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2628] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2628] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2628] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2628] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2628] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2628] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2628] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2628] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2628] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2628] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2628] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer.exe[2832] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer.exe[2832] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer.exe[2832] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer.exe[2832] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer.exe[2832] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer.exe[2832] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer.exe[2832] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer.exe[2832] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer.exe[2832] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer.exe[2832] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer.exe[2832] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TeamViewer\Version5\TeamViewer.exe[2832] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe[3260] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe[3260] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe[3260] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe[3260] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe[3260] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe[3260] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe[3260] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe[3260] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe[3260] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe[3260] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe[3260] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe[3260] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[3328] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[3328] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[3328] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[3328] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[3328] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[3328] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[3328] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[3328] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[3328] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[3328] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[3328] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[3328] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3564] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3564] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3564] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3564] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3564] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3564] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3564] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3564] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3564] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3564] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3564] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\unsecapp.exe[3564] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ntdll.dll!LdrLoadDll 775D9378 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ntdll.dll!LdrUnloadDll 775EB680 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ntdll.dll!NtAlpcSendWaitReceivePort 776140E4 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ntdll.dll!NtClose 77614184 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3756] kernel32.dll!CreateProcessW 77731BF3 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3756] kernel32.dll!CreateProcessA 77731C28 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ADVAPI32.dll!CreateProcessAsUserA 772CCEB9 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ADVAPI32.dll!CreateProcessAsUserW 772E1EE9 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3756] GDI32.dll!DeleteDC 765A68CD 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3756] GDI32.dll!CreateDCW 765AA91D 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3756] GDI32.dll!CreateDCA 765AAA49 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[3756] GDI32.dll!GetPixel 765ABE90 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet003\Services\LanmanServer\Linkage@Bind ????????? ?????????????????????!????????????????????????????????????????????????????????????????????????? ??????????????????????????????