GMER 1.0.15.15627 - http://www.gmer.net Rootkit scan 2011-05-08 12:35:09 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 SAMSUNG_HD160JJ rev.ZM100-47 Running: k1w2w5rf.exe; Driver: C:\Users\MICHA~1\AppData\Local\Temp\afrdrpoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9191B728] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9191B7D8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9191B870] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x9192F652] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83259589 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8327E092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 23C 8328584C 4 Bytes [28, B7, 91, 91] .text ntkrnlpa.exe!RtlSidHashLookup + 3FC 83285A0C 4 Bytes [D8, B7, 91, 91] .text ntkrnlpa.exe!RtlSidHashLookup + 54C 83285B5C 4 Bytes [70, B8, 91, 91] {JO 0xffffffffffffffba; XCHG ECX, EAX; XCHG ECX, EAX} PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8341F2CB 5 Bytes JMP 9192B1EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 83439003 5 Bytes JMP 9192CCA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!NtCreateSection 834471B3 7 Bytes JMP 9192F656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ? C:\Users\MICHA~1\AppData\Local\Temp\ALSysIO.sys Nie można odnaleźć określonego pliku. ! PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A803C000 68 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 4FD5 A803C045 180 Bytes [8B, C6, F0, 0F, BA, 28, 00, ...] PAGE spsys.sys!?SPRevision@@3PADA + 508A A803C0FA 22 Bytes [A8, 53, 8B, D0, 8B, D9, F0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50A1 A803C111 17 Bytes [87, 01, 6A, 00, 6A, 20, A3, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A803C123 7 Bytes [75, 03, A8, FE, 05, 34, 75] PAGE ... .text sechost.dll!SetServiceObjectSecurity 777E5181 5 Bytes [E9, BA, 4B, 52, ED] {JMP 0xffffffffed524bbf} .text sechost.dll!ChangeServiceConfigA 777E5254 5 Bytes [E9, 87, 28, 52, ED] {JMP 0xffffffffed52288c} .text sechost.dll!ChangeServiceConfigW 777E53D5 5 Bytes [E9, F6, 2A, 52, ED] {JMP 0xffffffffed522afb} .text sechost.dll!ChangeServiceConfig2A 777E54C2 5 Bytes [E9, C9, 2D, 52, ED] {JMP 0xffffffffed522dce} .text sechost.dll!ChangeServiceConfig2W 777E55E2 5 Bytes [E9, D9, 2D, 52, ED] {JMP 0xffffffffed522dde} .text sechost.dll!CreateServiceA 777E567C 5 Bytes [E9, FF, 86, 84, 98] {JMP 0xffffffff98848704} .text sechost.dll!CreateServiceW 777E589F 5 Bytes [E9, FC, 81, 84, 98] {JMP 0xffffffff98848201} .text sechost.dll!DeleteService 777E5A22 5 Bytes [E9, B9, 1E, 52, ED] {JMP 0xffffffffed521ebe} .text sechost.dll!OpenServiceW 777E714B 7 Bytes [E9, E0, 66, 84, 98, CC, CC] {JMP 0xffffffff988466e5; INT 3 ; INT 3 } .text sechost.dll!OpenServiceA 777E7245 7 Bytes [E9, 46, 63, 84, 98, CC, CC] {JMP 0xffffffff9884634b; INT 3 ; INT 3 } .text advapi32.dll!CreateProcessAsUserA 771A14FD 5 Bytes [E9, EE, 56, E8, 98] {JMP 0xffffffff98e856f3} .text user32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes [E9, 30, F0, 28, EE] {JMP 0xffffffffee28f035} .text user32.dll!UnhookWinEvent 76A7D924 5 Bytes [E9, 77, DF, 28, EE] {JMP 0xffffffffee28df7c} .text user32.dll!SetWindowsHookExW 76A8210A 5 Bytes [E9, 21, 9A, 28, EE] {JMP 0xffffffffee289a26} .text user32.dll!SetWinEventHook 76A8507E 5 Bytes [E9, 9D, 66, 28, EE] {JMP 0xffffffffee2866a2} .text user32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes [E9, B1, 4B, 26, EE] {JMP 0xffffffffee264bb6} .text user32.dll!EndTask 76ABFD8E 5 Bytes [E9, 2D, E6, 56, 99] {JMP 0xffffffff9956e632} .text kernel32.dll!CreateProcessW 7685202D 5 Bytes [E9, 5E, 57, 7D, 99] {JMP 0xffffffff997d5763} .text kernel32.dll!CreateProcessA 76852062 5 Bytes [E9, B9, 62, 7D, 99] {JMP 0xffffffff997d62be} .text kernel32.dll!OpenFile 7688410F 5 Bytes [E9, 8C, 8B, 7A, 99] {JMP 0xffffffff997a8b91} .text kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes [E9, 07, E9, 79, 99] {JMP 0xffffffff9979e90c} .text kernel32.dll!CopyFileW 76888C8F 5 Bytes [E9, 8C, 3F, 7A, 99] {JMP 0xffffffff997a3f91} .text kernel32.dll!MoveFileW 7688A173 5 Bytes [E9, 28, 2A, 7A, 99] {JMP 0xffffffff997a2a2d} .text kernel32.dll!CopyFileExW 768907BB 7 Bytes [E9, 20, C4, 79, 99, CC, CC] {JMP 0xffffffff9979c425; INT 3 ; INT 3 } .text kernel32.dll!VirtualProtect 768950AB 5 Bytes [E9, 70, 79, 79, 99] {JMP 0xffffffff99797975} .text kernel32.dll!DeleteFileW 7689656B 5 Bytes [E9, 70, 65, 79, 99] {JMP 0xffffffff99796575} .text kernel32.dll!DeleteFileA 76898BB6 5 Bytes [E9, 45, 3F, 79, 99] {JMP 0xffffffff99793f4a} .text kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes [E9, FC, 15, 79, 99] {JMP 0xffffffff99791601} .text kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes [E9, 50, 10, 79, 99] {JMP 0xffffffff99791055} .text kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes [E9, 17, 0C, 79, 99] {JMP 0xffffffff99790c1c} .text kernel32.dll!MoveFileExW 7689BF28 5 Bytes [E9, 33, 0C, 79, 99] {JMP 0xffffffff99790c38} .text kernel32.dll!CreateFileW 768A0B7D 5 Bytes [E9, DE, C0, 78, 99] {JMP 0xffffffff9978c0e3} .text kernel32.dll!GetProcAddress 768A1857 5 Bytes [E9, C4, B4, 78, 99] {JMP 0xffffffff9978b4c9} .text kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes [E9, DA, B0, 78, 99] {JMP 0xffffffff9978b0df} .text kernel32.dll!LoadLibraryA 768A2884 5 Bytes [E9, F7, A1, 78, 99] {JMP 0xffffffff9978a1fc} .text kernel32.dll!LoadLibraryW 768A28D2 5 Bytes [E9, 89, A1, 78, 99] {JMP 0xffffffff9978a18e} .text kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes [E9, C4, A1, 78, 99] {JMP 0xffffffff9978a1c9} .text kernel32.dll!CreateFileA 768A291C 5 Bytes [E9, 5F, A3, 78, 99] {JMP 0xffffffff9978a364} .text kernel32.dll!MoveFileExA 768B3013 5 Bytes [E9, 68, 9B, 77, 99] {JMP 0xffffffff99779b6d} .text kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes [E9, 08, 9B, 77, 99] {JMP 0xffffffff99779b0d} .text kernel32.dll!CopyFileA 768B7D1C 5 Bytes [E9, 1F, 4F, 77, 99] {JMP 0xffffffff99774f24} .text kernel32.dll!MoveFileA 768DAD89 5 Bytes [E9, 32, 1E, 75, 99] {JMP 0xffffffff99751e37} .text kernel32.dll!CopyFileExA 768DBBE1 5 Bytes [E9, 1A, 10, 75, 99] {JMP 0xffffffff9975101f} .text kernel32.dll!WinExec 768DE76D 5 Bytes [E9, CE, E2, 74, 99] {JMP 0xffffffff9974e2d3} .text kernel32.dll!LoadModule 768DEC86 5 Bytes [E9, 75, E0, 74, 99] {JMP 0xffffffff9974e07a} .text ole32.dll!CoGetClassObject 7672A394 5 Bytes [E9, 67, 42, 90, 99] {JMP 0xffffffff9990426c} .text ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes [E9, EC, 8E, 8E, 99] {JMP 0xffffffff998e8ef1} .text shell32.dll!ShellExecuteW 75AB4250 5 Bytes [E9, 8B, 87, 57, 9A] {JMP 0xffffffff9a578790} .text shell32.dll!ShellExecuteExW 75AC1BCC 5 Bytes [E9, CF, AD, 56, 9A] {JMP 0xffffffff9a56add4} .text shell32.dll!ShellExecuteEx 75CE9B12 5 Bytes [E9, A9, 2E, 34, 9A] {JMP 0xffffffff9a342eae} .text shell32.dll!ShellExecuteA 75CE9BAD 5 Bytes [E9, 4E, 2E, 34, 9A] {JMP 0xffffffff9a342e53} ---- User code sections - GMER 1.0.15 ---- .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] shell32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] shell32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] shell32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] shell32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Michał\Desktop\k1w2w5rf.exe[312] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!LdrUnloadDll 7765BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] WS2_32.dll!WSASocketW 76A23D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] WS2_32.dll!WSASocketA 76A2B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] WININET.dll!InternetConnectA 76C35456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[392] WININET.dll!InternetConnectW 76C35AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 00744760 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[524] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[524] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[524] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[524] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[524] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] WS2_32.dll!WSASocketW 76A23D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[524] WS2_32.dll!WSASocketA 76A2B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\services.exe[572] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\services.exe[572] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\services.exe[572] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\services.exe[572] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\services.exe[572] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\services.exe[572] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] WS2_32.dll!WSASocketW 76A23D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[572] WS2_32.dll!WSASocketA 76A2B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\lsass.exe[592] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsass.exe[592] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsass.exe[592] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsass.exe[592] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsass.exe[592] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsass.exe[592] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] WS2_32.dll!WSASocketW 76A23D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[592] WS2_32.dll!WSASocketA 76A2B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[604] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsm.exe[604] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[668] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[668] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[668] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[668] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[668] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[668] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[668] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[764] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[764] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[764] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[764] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[764] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[764] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[848] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[848] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[848] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[848] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[848] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[848] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] WS2_32.dll!WSASocketW 76A23D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] WS2_32.dll!WSASocketA 76A2B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[888] user32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[888] user32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[888] user32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[888] user32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[888] user32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[888] user32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[940] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 0050ED30 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[940] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 005266C0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[940] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[940] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[940] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[940] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[940] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[940] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[940] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1020] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1020] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1020] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1020] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1020] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atiesrxx.exe[1092] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atiesrxx.exe[1092] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atiesrxx.exe[1092] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atiesrxx.exe[1092] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atiesrxx.exe[1092] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atiesrxx.exe[1092] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1132] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1132] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1132] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1132] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1132] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] WS2_32.dll!WSASocketW 76A23D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] WS2_32.dll!WSASocketA 76A2B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] shell32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] shell32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] shell32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1132] shell32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1172] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1172] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1172] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1172] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[1172] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1200] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1200] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1200] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] WS2_32.dll!WSASocketW 76A23D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1200] WS2_32.dll!WSASocketA 76A2B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1356] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1356] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1356] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1356] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1356] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] WS2_32.dll!WSASocketW 76A23D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1356] WS2_32.dll!WSASocketA 76A2B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1444] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!LdrUnloadDll 7765BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!SetUnhandledExceptionFilter 768A3162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] WS2_32.dll!WSASocketW 76A23D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] WS2_32.dll!WSASocketA 76A2B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] wininet.dll!InternetConnectA 76C35456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1520] wininet.dll!InternetConnectW 76C35AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atieclxx.exe[1528] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atieclxx.exe[1528] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atieclxx.exe[1528] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atieclxx.exe[1528] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\atieclxx.exe[1528] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\atieclxx.exe[1528] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1560] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[1572] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[1572] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[1572] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[1572] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\nvvsvc.exe[1572] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\nvvsvc.exe[1572] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1704] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1704] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1704] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1704] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1704] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] WS2_32.dll!WSASocketW 76A23D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1704] WS2_32.dll!WSASocketA 76A2B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1860] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1860] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1860] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1860] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1860] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] WS2_32.dll!WSASocketW 76A23D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1860] WS2_32.dll!WSASocketA 76A2B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[1976] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[1976] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[1976] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[1976] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[1976] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1976] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[2000] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[2000] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[2000] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[2000] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[2000] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[2000] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[2092] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[2092] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[2092] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[2092] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[2092] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2092] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[2220] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[2220] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[2220] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[2220] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[2220] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskeng.exe[2220] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2348] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Core Temp\Core Temp.exe[2356] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Core Temp\Core Temp.exe[2356] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Core Temp\Core Temp.exe[2356] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Core Temp\Core Temp.exe[2356] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Core Temp\Core Temp.exe[2356] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Core Temp\Core Temp.exe[2356] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!SetUnhandledExceptionFilter 768A3162 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\real\realplayer\Update\realsched.exe[2364] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] WININET.dll!InternetConnectA 76C35456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] WININET.dll!InternetConnectW 76C35AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2388] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] WININET.dll!InternetConnectA 76C35456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[2404] WININET.dll!InternetConnectW 76C35AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!KiUserExceptionDispatcher 77646298 5 Bytes JMP 1002C750 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] ADVAPI32.DLL!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] SHELL32.DLL!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] SHELL32.DLL!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] SHELL32.DLL!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] SHELL32.DLL!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Pidgin\pidgin.exe[2436] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Pidgin\pidgin.exe[2436] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Pidgin\pidgin.exe[2436] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Pidgin\pidgin.exe[2436] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Pidgin\pidgin.exe[2436] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Pidgin\pidgin.exe[2436] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2460] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] ADVAPI32.DLL!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] OLE32.DLL!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MagicDisc\MagicDisc.exe[2488] OLE32.DLL!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2536] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] WININET.dll!InternetConnectA 76C35456 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Application Updater\ApplicationUpdater.exe[2620] WININET.dll!InternetConnectW 76C35AD2 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 001ECE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtClose 77644770 5 Bytes JMP 001DCD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 001ECDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 001ECE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 001ECE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 001ECE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 001EC490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 001ECDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 001ECDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 001EC440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 001ECD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 001ECD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 001ECE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 001EC4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 001DCE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 001ECD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 001EA630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 001E7790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 001E8320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 001ECCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 001E62C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 001ECC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 001ECBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 001ECBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 001ECA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 001ECAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 001ECB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 001ECCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 001ECCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 001ECB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 001ECB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 001ECC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 001ECD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 001ECAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 001ECA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 001ECA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 001ECAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 001ECC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 001ECB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 001ECB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 001ECC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 001ECBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 001ECC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 001ECA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 001ECD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 001E6BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[2648] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[2648] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[2648] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[2648] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[2648] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 001EE3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 001EE600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 001EE840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 001EC9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 001EC9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 001EC9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2648] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 001ECA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[2668] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[2668] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[2668] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[2668] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[2668] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] WS2_32.dll!WSASocketW 76A23D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2668] WS2_32.dll!WSASocketA 76A2B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 03D6CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!NtClose 77644770 5 Bytes JMP 03D5CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 03D6CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 03D6CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 03D6CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 03D6CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 03D6C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 03D6CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 03D6CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 03D6C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 03D6CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 03D6CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 03D6CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 03D6C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 03D5CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 03D6CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 03D6A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 03D67790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 03D68320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 03D6CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 03D662C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 03D6CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 03D6CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 03D6CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 03D6CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 03D6CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 03D6CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 03D6CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 03D6CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 03D6CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 03D6CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 03D6CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 03D6CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 03D6CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 03D6CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 03D6CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 03D6CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 03D6CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 03D6CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 03D6CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 03D6CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 03D6CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 03D6CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 03D6CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 03D6CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 03D6E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 03D66BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] WS2_32.dll!WSASocketW 76A23D1B 7 Bytes JMP 03D6C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] WS2_32.dll!WSASocketA 76A2B7FC 5 Bytes JMP 03D6C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 03D6E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 03D6E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 03D6C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 03D6C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 03D6C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2716] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 03D6CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2740] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[2820] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[2820] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[2820] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[2820] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[2820] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] WS2_32.dll!WSASocketW 76A23D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2820] WS2_32.dll!WSASocketA 76A2B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2864] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3036] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3036] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3036] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3036] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[3036] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3036] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] WS2_32.dll!WSASocketW 76A23D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] WS2_32.dll!WSASocketA 76A2B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3296] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[3576] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[3576] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[3576] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[3576] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[3576] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3576] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3704] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] SHELL32.dll!ShellExecuteW 75AB4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] SHELL32.dll!ShellExecuteExW 75AC1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] SHELL32.dll!ShellExecuteEx 75CE9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] SHELL32.dll!ShellExecuteA 75CE9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3904] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!NtAllocateVirtualMemory 77644580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!NtClose 77644770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!NtCreateFile 77644870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!NtCreateProcess 77644940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!NtCreateProcessEx 77644950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!NtDeleteFile 77644AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!NtFreeVirtualMemory 77644C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!NtLoadDriver 77644E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!NtOpenFile 77644F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!NtProtectVirtualMemory 776451C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!NtSetInformationProcess 77645920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!NtUnloadDriver 77645C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!NtUnloadDriver 77645C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!NtWriteVirtualMemory 77645D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!RtlAllocateHeap 776520B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!LdrGetProcedureAddress 7765EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!CreateProcessW 7685202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!CreateProcessA 76852062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!OpenFile 7688410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!CreateProcessAsUserW 768879B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!CopyFileW 76888C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!MoveFileW 7688A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!CopyFileExW 768907BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!VirtualProtect 768950AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!DeleteFileW 7689656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!DeleteFileA 76898BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!LoadLibraryExW 7689B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!LoadLibraryExA 7689BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!MoveFileWithProgressW 7689BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!MoveFileExW 7689BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!CreateFileW 768A0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!GetProcAddress 768A1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!GetModuleHandleW 768A19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!LoadLibraryA 768A2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!LoadLibraryW 768A28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!GetModuleHandleA 768A28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!CreateFileA 768A291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!MoveFileExA 768B3013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!MoveFileWithProgressA 768B3033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!CopyFileA 768B7D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!MoveFileA 768DAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!CopyFileExA 768DBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!WinExec 768DE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] kernel32.dll!LoadModule 768DEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ole32.dll!CoGetClassObject 7672A394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ole32.dll!CoCreateInstanceEx 7674594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[4048] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[4048] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[4048] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[4048] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[4048] USER32.dll!EndTask 76ABFD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[4048] ADVAPI32.dll!CreateProcessAsUserA 771A14FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[5864] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\sppsvc.exe[5864] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\sppsvc.exe[5864] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\sppsvc.exe[5864] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\sppsvc.exe[5864] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\sppsvc.exe[5864] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\sppsvc.exe[5864] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[5904] ntdll.dll!LdrUnloadDll 7765BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[5904] ntdll.dll!LdrLoadDll 7765F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[5904] USER32.dll!UnhookWindowsHookEx 76A7CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[5904] USER32.dll!UnhookWinEvent 76A7D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[5904] USER32.dll!SetWindowsHookExW 76A8210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[5904] USER32.dll!SetWinEventHook 76A8507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[5904] USER32.dll!SetWindowsHookExA 76AA6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0058C840] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [0058D260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [0058BFA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [0058C8D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [0058C990] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [0058BF40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [0058C430] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [0058C3A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [0058CA50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [0058BFF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [0058CF20] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawEdge] [0058CED0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0058C1F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [0058CBD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [0058CD10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0058C0E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [0058C260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollPos] [0058C050] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [0058BF40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!RegisterClassW] [0058C990] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [0058CE50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [0058C430] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [0058CA50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!DeleteObject] [0058BFA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\ole32.dll [GDI32.dll!DeleteObject] [0058BFA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [0058C260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [0058BF40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSystemMetrics] [0058CA50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [0058CBD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\ole32.dll [USER32.dll!RegisterClassW] [0058C990] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [0058C430] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[520] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74052494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74035624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740356E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7405250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74048573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74044D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740450CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740451A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [740466D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740482CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74048819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7404907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7404E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74044C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) ---- Threads - GMER 1.0.15 ---- Thread System [4:5900] A8049F2E ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167d3b3e9 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF7 0x3C 0x7E 0x62 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167d3b3e9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF7 0x3C 0x7E 0x62 ... ---- EOF - GMER 1.0.15 ----