GMER 1.0.15.15627 - http://www.gmer.net Rootkit scan 2011-05-07 22:18:17 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort3 SAMSUNG_HD160JJ rev.ZM100-47 Running: k1w2w5rf.exe; Driver: C:\Users\MICHA~1\AppData\Local\Temp\afrdrpoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x922CD728] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x922CD7D8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x922CD870] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x922E1652] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83253589 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83278092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 23C 8327F84C 4 Bytes [28, D7, 2C, 92] {SUB BH, DL; SUB AL, 0x92} .text ntkrnlpa.exe!RtlSidHashLookup + 3FC 8327FA0C 2 Bytes [D8, D7] {FCOM ST(7)} .text ntkrnlpa.exe!RtlSidHashLookup + 3FF 8327FA0F 1 Byte [92] .text ntkrnlpa.exe!RtlSidHashLookup + 54C 8327FB5C 4 Bytes [70, D8, 2C, 92] {JO 0xffffffffffffffda; SUB AL, 0x92} PAGE ntkrnlpa.exe!ObMakeTemporaryObject 834192CB 5 Bytes JMP 922DD1EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 83433003 5 Bytes JMP 922DECA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!NtCreateSection 834411B3 7 Bytes JMP 922E1656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ? C:\Users\MICHA~1\AppData\Local\Temp\ALSysIO.sys Nie można odnaleźć określonego pliku. ! .text sechost.dll!SetServiceObjectSecurity 77565181 5 Bytes [E9, BA, 4B, 7A, ED] {JMP 0xffffffffed7a4bbf} .text sechost.dll!ChangeServiceConfigA 77565254 5 Bytes [E9, 87, 28, 7A, ED] {JMP 0xffffffffed7a288c} .text sechost.dll!ChangeServiceConfigW 775653D5 5 Bytes [E9, F6, 2A, 7A, ED] {JMP 0xffffffffed7a2afb} .text sechost.dll!ChangeServiceConfig2A 775654C2 5 Bytes [E9, C9, 2D, 7A, ED] {JMP 0xffffffffed7a2dce} .text sechost.dll!ChangeServiceConfig2W 775655E2 5 Bytes [E9, D9, 2D, 7A, ED] {JMP 0xffffffffed7a2dde} .text sechost.dll!CreateServiceA 7756567C 5 Bytes [E9, FF, 86, AC, 98] {JMP 0xffffffff98ac8704} .text sechost.dll!CreateServiceW 7756589F 5 Bytes [E9, FC, 81, AC, 98] {JMP 0xffffffff98ac8201} .text sechost.dll!DeleteService 77565A22 5 Bytes [E9, B9, 1E, 7A, ED] {JMP 0xffffffffed7a1ebe} .text sechost.dll!OpenServiceW 7756714B 7 Bytes [E9, E0, 66, AC, 98, CC, CC] {JMP 0xffffffff98ac66e5; INT 3 ; INT 3 } .text sechost.dll!OpenServiceA 77567245 7 Bytes [E9, 46, 63, AC, 98, CC, CC] {JMP 0xffffffff98ac634b; INT 3 ; INT 3 } .text user32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes [E9, 30, F0, A4, ED] {JMP 0xffffffffeda4f035} .text user32.dll!UnhookWinEvent 772BD924 5 Bytes [E9, 77, DF, A4, ED] {JMP 0xffffffffeda4df7c} .text user32.dll!SetWindowsHookExW 772C210A 5 Bytes [E9, 21, 9A, A4, ED] {JMP 0xffffffffeda49a26} .text user32.dll!SetWinEventHook 772C507E 5 Bytes [E9, 9D, 66, A4, ED] {JMP 0xffffffffeda466a2} .text user32.dll!SetWindowsHookExA 772E6DFA 5 Bytes [E9, B1, 4B, A2, ED] {JMP 0xffffffffeda24bb6} .text user32.dll!EndTask 772FFD8E 5 Bytes [E9, 2D, E6, D2, 98] {JMP 0xffffffff98d2e632} .text kernel32.dll!CreateProcessW 76E0202D 5 Bytes [E9, 5E, 57, 22, 99] {JMP 0xffffffff99225763} .text kernel32.dll!CreateProcessA 76E02062 5 Bytes [E9, B9, 62, 22, 99] {JMP 0xffffffff992262be} .text kernel32.dll!OpenFile 76E3410F 5 Bytes [E9, 8C, 8B, 1F, 99] {JMP 0xffffffff991f8b91} .text kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes [E9, 07, E9, 1E, 99] {JMP 0xffffffff991ee90c} .text kernel32.dll!CopyFileW 76E38C8F 5 Bytes [E9, 8C, 3F, 1F, 99] {JMP 0xffffffff991f3f91} .text kernel32.dll!MoveFileW 76E3A173 5 Bytes [E9, 28, 2A, 1F, 99] {JMP 0xffffffff991f2a2d} .text kernel32.dll!CopyFileExW 76E407BB 7 Bytes [E9, 20, C4, 1E, 99, CC, CC] {JMP 0xffffffff991ec425; INT 3 ; INT 3 } .text kernel32.dll!VirtualProtect 76E450AB 5 Bytes [E9, 70, 79, 1E, 99] {JMP 0xffffffff991e7975} .text kernel32.dll!DeleteFileW 76E4656B 5 Bytes [E9, 70, 65, 1E, 99] {JMP 0xffffffff991e6575} .text kernel32.dll!DeleteFileA 76E48BB6 5 Bytes [E9, 45, 3F, 1E, 99] {JMP 0xffffffff991e3f4a} .text kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes [E9, FC, 15, 1E, 99] {JMP 0xffffffff991e1601} .text kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes [E9, 50, 10, 1E, 99] {JMP 0xffffffff991e1055} .text kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes [E9, 17, 0C, 1E, 99] {JMP 0xffffffff991e0c1c} .text kernel32.dll!MoveFileExW 76E4BF28 5 Bytes [E9, 33, 0C, 1E, 99] {JMP 0xffffffff991e0c38} .text kernel32.dll!CreateFileW 76E50B7D 5 Bytes [E9, DE, C0, 1D, 99] {JMP 0xffffffff991dc0e3} .text kernel32.dll!GetProcAddress 76E51857 5 Bytes [E9, C4, B4, 1D, 99] {JMP 0xffffffff991db4c9} .text kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes [E9, DA, B0, 1D, 99] {JMP 0xffffffff991db0df} .text kernel32.dll!LoadLibraryA 76E52884 5 Bytes [E9, F7, A1, 1D, 99] {JMP 0xffffffff991da1fc} .text kernel32.dll!LoadLibraryW 76E528D2 5 Bytes [E9, 89, A1, 1D, 99] {JMP 0xffffffff991da18e} .text kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes [E9, C4, A1, 1D, 99] {JMP 0xffffffff991da1c9} .text kernel32.dll!CreateFileA 76E5291C 5 Bytes [E9, 5F, A3, 1D, 99] {JMP 0xffffffff991da364} .text kernel32.dll!MoveFileExA 76E63013 5 Bytes [E9, 68, 9B, 1C, 99] {JMP 0xffffffff991c9b6d} .text kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes [E9, 08, 9B, 1C, 99] {JMP 0xffffffff991c9b0d} .text kernel32.dll!CopyFileA 76E67D1C 5 Bytes [E9, 1F, 4F, 1C, 99] {JMP 0xffffffff991c4f24} .text kernel32.dll!MoveFileA 76E8AD89 5 Bytes [E9, 32, 1E, 1A, 99] {JMP 0xffffffff991a1e37} .text kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes [E9, 1A, 10, 1A, 99] {JMP 0xffffffff991a101f} .text kernel32.dll!WinExec 76E8E76D 5 Bytes [E9, CE, E2, 19, 99] {JMP 0xffffffff9919e2d3} .text kernel32.dll!LoadModule 76E8EC86 5 Bytes [E9, 75, E0, 19, 99] {JMP 0xffffffff9919e07a} .text wininet.dll!InternetConnectA 76C05456 5 Bytes [E9, 25, 75, 42, 99] {JMP 0xffffffff9942752a} .text wininet.dll!InternetConnectW 76C05AD2 5 Bytes [E9, 89, 6E, 42, 99] {JMP 0xffffffff99426e8e} .text ole32.dll!CoGetClassObject 76AAA394 5 Bytes [E9, 67, 42, 58, 99] {JMP 0xffffffff9958426c} .text ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes [E9, EC, 8E, 56, 99] {JMP 0xffffffff99568ef1} .text advapi32.dll!CreateProcessAsUserA 769C14FD 5 Bytes [E9, EE, 56, 66, 99] {JMP 0xffffffff996656f3} .text shell32.dll!ShellExecuteW 758C4250 5 Bytes [E9, 8B, 87, 76, 9A] {JMP 0xffffffff9a768790} .text shell32.dll!ShellExecuteExW 758D1BCC 5 Bytes [E9, CF, AD, 75, 9A] {JMP 0xffffffff9a75add4} .text shell32.dll!ShellExecuteEx 75AF9B12 5 Bytes [E9, A9, 2E, 53, 9A] {JMP 0xffffffff9a532eae} .text shell32.dll!ShellExecuteA 75AF9BAD 5 Bytes [E9, 4E, 2E, 53, 9A] {JMP 0xffffffff9a532e53} ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\wininit.exe[520] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\wininit.exe[520] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[520] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[520] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[520] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[520] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[520] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] WS2_32.dll!WSASocketW 77523D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[520] WS2_32.dll!WSASocketA 7752B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\services.exe[576] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\services.exe[576] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\services.exe[576] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\services.exe[576] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\services.exe[576] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\services.exe[576] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] WS2_32.dll!WSASocketW 77523D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[576] WS2_32.dll!WSASocketA 7752B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsass.exe[600] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsass.exe[600] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsass.exe[600] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsass.exe[600] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsass.exe[600] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] WS2_32.dll!WSASocketW 77523D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[600] WS2_32.dll!WSASocketA 7752B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsm.exe[608] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsm.exe[608] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsm.exe[608] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsm.exe[608] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsm.exe[608] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[608] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\winlogon.exe[632] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[632] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[632] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[632] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[632] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[632] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[632] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[696] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[696] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[696] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[696] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[696] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[696] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[784] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[784] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[784] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[784] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[784] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[872] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[872] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[872] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[872] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[872] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[872] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[916] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[916] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[916] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[916] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[916] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] WS2_32.dll!WSASocketW 77523D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[916] WS2_32.dll!WSASocketA 7752B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[984] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 0050ED30 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[984] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 005266C0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[984] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[984] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[984] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[984] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[984] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[984] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[984] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1064] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1064] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atiesrxx.exe[1124] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atiesrxx.exe[1124] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atiesrxx.exe[1124] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atiesrxx.exe[1124] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atiesrxx.exe[1124] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1124] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1208] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] WS2_32.dll!WSASocketW 77523D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1208] WS2_32.dll!WSASocketA 7752B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1248] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1248] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1248] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1248] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1248] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1248] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1280] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 0035000A .text C:\Windows\system32\svchost.exe[1280] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 0036000A .text C:\Windows\system32\svchost.exe[1280] ntdll.dll!KiUserExceptionDispatcher 773C6298 5 Bytes JMP 0034000A .text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1280] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1280] ole32.dll!CoCreateInstance 76AC590C 5 Bytes JMP 006F000A .text C:\Windows\system32\svchost.exe[1280] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1280] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1280] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1280] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1280] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1508] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1508] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1508] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] WS2_32.dll!WSASocketW 77523D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1508] WS2_32.dll!WSASocketA 7752B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atieclxx.exe[1548] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atieclxx.exe[1548] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atieclxx.exe[1548] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atieclxx.exe[1548] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atieclxx.exe[1548] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1548] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1564] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[1576] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[1576] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[1576] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[1576] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[1576] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1576] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 0368000A .text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 036D000A .text C:\Windows\Explorer.EXE[1624] ntdll.dll!KiUserExceptionDispatcher 773C6298 5 Bytes JMP 0367000A .text C:\Windows\Explorer.EXE[1624] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[1624] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[1624] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[1624] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[1624] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[1624] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!LdrUnloadDll 773DBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!SetUnhandledExceptionFilter 76E53162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] WS2_32.dll!WSASocketW 77523D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] WS2_32.dll!WSASocketA 7752B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1728] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] WS2_32.dll!WSASocketW 77523D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] WS2_32.dll!WSASocketA 7752B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1928] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[1956] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[1956] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[1956] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[1956] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[1956] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1956] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!LdrUnloadDll 773DBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] WS2_32.dll!WSASocketW 77523D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] WS2_32.dll!WSASocketA 7752B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2088] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 00744760 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2120] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2168] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!SetUnhandledExceptionFilter 76E53162 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2176] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2192] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2236] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!KiUserExceptionDispatcher 773C6298 5 Bytes JMP 1002C750 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ADVAPI32.DLL!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] SHELL32.DLL!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] SHELL32.DLL!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] SHELL32.DLL!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] SHELL32.DLL!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Pidgin\pidgin.exe[2264] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Pidgin\pidgin.exe[2264] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Pidgin\pidgin.exe[2264] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Pidgin\pidgin.exe[2264] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Pidgin\pidgin.exe[2264] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2264] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2308] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] ADVAPI32.DLL!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] OLE32.DLL!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] OLE32.DLL!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2360] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[2540] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[2540] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[2540] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[2540] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[2540] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] WS2_32.dll!WSASocketW 77523D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2540] WS2_32.dll!WSASocketA 7752B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[2572] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[2572] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[2572] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[2572] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[2572] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2572] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchProtocolHost.exe[2696] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchProtocolHost.exe[2696] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchProtocolHost.exe[2696] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchProtocolHost.exe[2696] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchProtocolHost.exe[2696] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchProtocolHost.exe[2696] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchFilterHost.exe[2704] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchFilterHost.exe[2704] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchFilterHost.exe[2704] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchFilterHost.exe[2704] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchFilterHost.exe[2704] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchFilterHost.exe[2704] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2784] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 03CBCE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!NtClose 773C4770 5 Bytes JMP 03CACD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 03CBCDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 03CBCE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 03CBCE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 03CBCE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 03CBC490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 03CBCDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 03CBCDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 03CBC440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 03CBCD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 03CBCD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 03CBCE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 03CBC4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 03CACE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 03CBCD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 03CBA630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 03CB7790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 03CB8320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 03CBCCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 03CB62C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 03CBCC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 03CBCBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 03CBCBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 03CBCA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 03CBCAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 03CBCB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 03CBCCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 03CBCCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 03CBCB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 03CBCB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 03CBCC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 03CBCD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 03CBCAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 03CBCA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 03CBCA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 03CBCAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 03CBCC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 03CBCB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 03CBCB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 03CBCC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 03CBCBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 03CBCC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 03CBCA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 03CBCD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 03CBE3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 03CB6BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] WS2_32.dll!WSASocketW 77523D1B 7 Bytes JMP 03CBC920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] WS2_32.dll!WSASocketA 7752B7FC 5 Bytes JMP 03CBC940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 03CBE600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 03CBE840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 03CBC9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 03CBC9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 03CBC9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 03CBCA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 03CBC980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2864] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 03CBC960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Core Temp\Core Temp.exe[2900] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Core Temp\Core Temp.exe[2900] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Core Temp\Core Temp.exe[2900] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Core Temp\Core Temp.exe[2900] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Core Temp\Core Temp.exe[2900] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2900] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2996] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3064] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3064] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3064] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3064] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3064] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3064] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3252] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3252] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3252] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3252] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3252] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3252] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[3340] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3396] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3396] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3396] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3396] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3396] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[3396] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3484] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3556] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3556] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3556] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3556] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3556] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3556] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3772] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3772] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3772] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3772] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3772] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3772] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[3896] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[3896] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[3896] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[3896] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[3896] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3896] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] WS2_32.dll!WSASocketW 77523D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] WS2_32.dll!WSASocketA 7752B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4400] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5048] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5100] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5136] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\NOTEPAD.EXE[5484] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\NOTEPAD.EXE[5484] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\NOTEPAD.EXE[5484] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\NOTEPAD.EXE[5484] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\NOTEPAD.EXE[5484] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5484] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\NOTEPAD.EXE[5592] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\NOTEPAD.EXE[5592] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\NOTEPAD.EXE[5592] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\NOTEPAD.EXE[5592] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\NOTEPAD.EXE[5592] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] SHELL32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] SHELL32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] SHELL32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] SHELL32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\NOTEPAD.EXE[5592] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!NtAllocateVirtualMemory 773C4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!NtClose 773C4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!NtCreateFile 773C4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!NtCreateProcess 773C4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!NtCreateProcessEx 773C4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!NtDeleteFile 773C4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!NtFreeVirtualMemory 773C4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!NtLoadDriver 773C4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!NtOpenFile 773C4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!NtProtectVirtualMemory 773C51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!NtSetInformationProcess 773C5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!NtUnloadDriver 773C5C00 1 Byte [E9] .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!NtUnloadDriver 773C5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!NtWriteVirtualMemory 773C5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!RtlAllocateHeap 773D20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!LdrUnloadDll 773DBEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!LdrGetProcedureAddress 773DEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ntdll.dll!LdrLoadDll 773DF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!CreateProcessW 76E0202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!CreateProcessA 76E02062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!OpenFile 76E3410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!CreateProcessAsUserW 76E379B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!CopyFileW 76E38C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!MoveFileW 76E3A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!CopyFileExW 76E407BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!VirtualProtect 76E450AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!DeleteFileW 76E4656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!DeleteFileA 76E48BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!LoadLibraryExW 76E4B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!LoadLibraryExA 76E4BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!MoveFileWithProgressW 76E4BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!MoveFileExW 76E4BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!CreateFileW 76E50B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!GetProcAddress 76E51857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!GetModuleHandleW 76E519C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!LoadLibraryA 76E52884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!LoadLibraryW 76E528D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!GetModuleHandleA 76E528F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!CreateFileA 76E5291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!MoveFileExA 76E63013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!MoveFileWithProgressA 76E63033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!CopyFileA 76E67D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!MoveFileA 76E8AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!CopyFileExA 76E8BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!WinExec 76E8E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] kernel32.dll!LoadModule 76E8EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ADVAPI32.dll!CreateProcessAsUserA 769C14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ole32.dll!CoGetClassObject 76AAA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] ole32.dll!CoCreateInstanceEx 76AC594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] USER32.dll!UnhookWindowsHookEx 772BCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] USER32.dll!UnhookWinEvent 772BD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] USER32.dll!SetWindowsHookExW 772C210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] USER32.dll!SetWinEventHook 772C507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] USER32.dll!SetWindowsHookExA 772E6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] USER32.dll!EndTask 772FFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] WININET.dll!InternetConnectA 76C05456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] WININET.dll!InternetConnectW 76C05AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] shell32.dll!ShellExecuteW 758C4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] shell32.dll!ShellExecuteExW 758D1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] shell32.dll!ShellExecuteEx 75AF9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[5640] shell32.dll!ShellExecuteA 75AF9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73D22494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73D05624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73D056E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73D2250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73D18573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73D14D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73D150CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73D151A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73D166D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73D182CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73D18819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73D1907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73D1E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D14C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0058C840] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [0058D260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [0058BFA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [0058C8D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [0058C990] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [0058BF40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [0058C430] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [0058C3A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [0058CA50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [0058BFF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [0058CF20] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawEdge] [0058CED0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0058C1F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [0058CBD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [0058CD10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0058C0E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [0058C260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollPos] [0058C050] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [0058BF40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!RegisterClassW] [0058C990] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [0058CE50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [0058C430] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [0058CA50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!DeleteObject] [0058BFA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\ole32.dll [GDI32.dll!DeleteObject] [0058BFA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [0058C260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [0058BF40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSystemMetrics] [0058CA50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [0058CBD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\ole32.dll [USER32.dll!RegisterClassW] [0058C990] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [0058C430] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2104] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167d3b3e9 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF7 0x3C 0x7E 0x62 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167d3b3e9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF7 0x3C 0x7E 0x62 ... ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!! Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior ---- EOF - GMER 1.0.15 ----