Profilaktyczne sprawdzenie logów.

**Posty:** 12734 · przez **Mikou@j** 16 Mar 2012, 12:43

Proszę profilaktycznie przejrzeć logi i najwyżej usunąć niepotrzebne śmieci

Kod: Zaznacz wszystko: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-03-16 11:38:32 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.01.0 Running: 9p7qn2ov.exe; Driver: C:\Users\Justynka\AppData\Local\Temp\pfldqpod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8937CE9C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8937D088] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8937C1FC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8937CB02] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8937C8B6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8937DC00] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8937BBE8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8937D2B6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8937D632] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8937C4C4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8937CCDE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8937C75E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8937D91E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8937C42E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8937C64A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8937BFFE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8937BDEC] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 82E533D9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E8CD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82E93DCC 4 Bytes [9C, CE, 37, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82E93DF4 4 Bytes [88, D0, 37, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82E93E88 4 Bytes [FC, C1, 37, 89] {CLD ; SAL DWORD [EDI], 0x89} .text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82E93EA4 4 Bytes [02, CB, 37, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82E93EEC 4 Bytes [B6, C8, 37, 89] .text ... .text kernel32.dll!CreateProcessW 7780204D 5 Bytes [E9, BE, 2E, 82, 98] {JMP 0xffffffff98822ec3} .text kernel32.dll!CreateProcessA 77802082 5 Bytes [E9, 19, 3A, 82, 98] {JMP 0xffffffff98823a1e} .text kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes [E9, 8C, E0, 7E, 98] {JMP 0xffffffff987ee091} .text gdi32.dll!DeleteDC 77776EAA 3 Bytes [E9, F1, 1C] .text gdi32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text gdi32.dll!GetPixel 7777C3D5 5 Bytes [E9, 96, C5, 8A, 98] {JMP 0xffffffff988ac59b} .text gdi32.dll!CreateDCA 7777CCA9 5 Bytes [E9, F2, CF, 8A, 98] {JMP 0xffffffff988acff7} .text gdi32.dll!CreateDCW 7777CF79 5 Bytes [E9, 22, CC, 8A, 98] {JMP 0xffffffff988acc27} .text advapi32.dll!CreateProcessAsUserA 76202538 5 Bytes [E9, 33, 1E, E2, 99] {JMP 0xffffffff99e21e38} ---- User code sections - GMER 1.0.15 ---- .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[112] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[112] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[112] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[112] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[112] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[112] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[112] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[112] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[112] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[112] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[112] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[112] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[112] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[232] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 0033B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[232] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 0032D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[232] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 0032D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[232] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 00337DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[232] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 00334F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[232] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 00335AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[232] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 00333A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[232] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 00334370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[232] GDI32.dll!DeleteDC 77776EAA 5 Bytes JMP 00338BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[232] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 00338970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[232] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 00339CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[232] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 00339BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\csrss.exe[440] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 75CB1BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\csrss.exe[440] ntdll.dll!NtReplyWaitReceivePort 77B16418 5 Bytes JMP 75CB1450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\csrss.exe[440] ntdll.dll!NtReplyWaitReceivePortEx 77B16428 5 Bytes JMP 75CB17F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[444] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[444] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[444] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[444] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[444] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[444] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[444] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[444] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[444] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[444] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[444] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[444] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[444] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!RegisterRawInputDevices 77C35B52 5 Bytes JMP 10018E40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SystemParametersInfoA 77C380E0 7 Bytes JMP 1001C5D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SetParent 77C38314 5 Bytes JMP 100188C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!EnableWindow 77C38D02 5 Bytes JMP 10017DE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!MoveWindow 77C38D29 5 Bytes JMP 10018B60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!GetAsyncKeyState 77C3A256 5 Bytes JMP 10019060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!RegisterHotKey 77C3AA19 5 Bytes JMP 10018080 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!PostThreadMessageA 77C3AD09 5 Bytes JMP 1001B8C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SendMessageA 77C3AD60 5 Bytes JMP 1001B380 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!PostMessageA 77C3B446 5 Bytes JMP 1001BE00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SendNotifyMessageW 77C3C88A 5 Bytes JMP 1001A0A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SystemParametersInfoW 77C3E09A 7 Bytes JMP 1001C3B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SetWindowsHookExW 77C3E30C 5 Bytes JMP 1001C7F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SendMessageTimeoutW 77C3E459 5 Bytes JMP 1001AB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!PostThreadMessageW 77C3EEFC 5 Bytes JMP 1001B620 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SetWinEventHook 77C424DC 5 Bytes JMP 1001C0A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!GetKeyState 77C42B4D 5 Bytes JMP 10019310 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SendMessageCallbackW 77C42F7B 5 Bytes JMP 1001A5E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!PostMessageW 77C4447B 5 Bytes JMP 1001BB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SendMessageW 77C45539 5 Bytes JMP 1001B0E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!GetClipboardData 77C52BA7 5 Bytes JMP 100182B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SendNotifyMessageA 77C5493C 1 Byte [E9] .text C:\windows\system32\wininit.exe[496] USER32.dll!SendNotifyMessageA 77C5493C 5 Bytes JMP 1001A340 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!mouse_event 77C56209 5 Bytes JMP 10029650 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SetClipboardViewer 77C56FF6 5 Bytes JMP 100186C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SendDlgItemMessageW 77C570D8 5 Bytes JMP 10019B40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SendDlgItemMessageA 77C57241 5 Bytes JMP 10019DF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!GetKeyboardState 77C66946 5 Bytes JMP 100195C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!BlockInput 77C66A99 5 Bytes JMP 100184C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SetWindowsHookExA 77C66D0C 5 Bytes JMP 1001CA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SendMessageTimeoutA 77C66DA9 5 Bytes JMP 1001AE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SendInput 77C67019 5 Bytes JMP 10019870 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!ExitWindowsEx 77C806C7 5 Bytes JMP 10017BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!keybd_event 77C8EC3B 5 Bytes JMP 10029860 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] USER32.dll!SendMessageCallbackA 77C93E8B 5 Bytes JMP 1001A8A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\wininit.exe[496] GDI32.dll!BitBlt 777772C0 3 Bytes JMP 100293C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] GDI32.dll!BitBlt + 4 777772C4 1 Byte [98] .text C:\windows\system32\wininit.exe[496] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] GDI32.dll!MaskBlt 7777C7AD 5 Bytes JMP 10029110 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] GDI32.dll!StretchBlt 7777F467 5 Bytes JMP 10028BE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] GDI32.dll!PlgBlt 77790F73 5 Bytes JMP 10028E80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[496] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\csrss.exe[508] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 75CB1BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\csrss.exe[508] ntdll.dll!NtReplyWaitReceivePort 77B16418 5 Bytes JMP 75CB1450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\csrss.exe[508] ntdll.dll!NtReplyWaitReceivePortEx 77B16428 5 Bytes JMP 75CB17F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[548] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[548] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[548] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[548] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[548] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[548] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[548] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[548] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[548] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\svchost.exe[548] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[548] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[548] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[548] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[556] services.exe 008F1608 4 Bytes [60, E1, 01, 10] .text C:\windows\system32\services.exe[556] services.exe 008F1618 4 Bytes [40, DC, 01, 10] .text C:\windows\system32\services.exe[556] services.exe 008F1638 4 Bytes [80, E4, 01, 10] .text C:\windows\system32\services.exe[556] services.exe 008F1648 4 Bytes [C0, DE, 01, 10] .text C:\windows\system32\services.exe[556] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[556] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[556] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[556] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[556] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[556] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[556] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[556] RPCRT4.dll!RpcServerRegisterIfEx 760109BC 5 Bytes JMP 1001F040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[556] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[556] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\services.exe[556] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[556] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[556] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\services.exe[556] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[572] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[572] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[572] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[572] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[572] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[572] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[572] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[572] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[572] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\lsass.exe[572] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[572] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[572] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[572] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[580] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[580] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[580] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[580] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[580] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[580] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[580] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[580] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[580] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\lsm.exe[580] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[580] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[580] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[580] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\ApMsgFwd.exe[668] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\ApMsgFwd.exe[668] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\ApMsgFwd.exe[668] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\ApMsgFwd.exe[668] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\ApMsgFwd.exe[668] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\ApMsgFwd.exe[668] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\ApMsgFwd.exe[668] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\ApMsgFwd.exe[668] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\ApMsgFwd.exe[668] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Apoint2K\ApMsgFwd.exe[668] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\ApMsgFwd.exe[668] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\ApMsgFwd.exe[668] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\ApMsgFwd.exe[668] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[684] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[684] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[684] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[684] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[684] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[684] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[684] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[684] RPCRT4.dll!RpcServerRegisterIfEx 760109BC 5 Bytes JMP 1001F040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[684] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[684] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\svchost.exe[684] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[684] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[684] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[684] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[744] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[744] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[744] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[744] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[744] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[744] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[744] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[744] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[744] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[744] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[744] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[744] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[744] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[768] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[768] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[768] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[768] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[768] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[768] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[768] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[768] RPCRT4.dll!RpcServerRegisterIfEx 760109BC 5 Bytes JMP 1001F040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[768] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[768] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\svchost.exe[768] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[768] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[768] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[768] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[768] rpcss.dll!CoGetComCatalog 751935EC 8 Bytes JMP ED301001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[820] ntdll.dll!NtAllocateVirtualMemory 77B152D8 5 Bytes JMP 00526240 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[820] ntdll.dll!NtCreateFile 77B155C8 5 Bytes JMP 0053F8A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[924] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[924] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[924] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[924] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[924] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[924] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[924] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[924] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[924] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\svchost.exe[924] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[924] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[924] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[924] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\TTPDSRV.exe[944] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\TTPDSRV.exe[944] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\TTPDSRV.exe[944] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\TTPDSRV.exe[944] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\TTPDSRV.exe[944] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\TTPDSRV.exe[944] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\TTPDSRV.exe[944] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\TTPDSRV.exe[944] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\TTPDSRV.exe[944] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\System32\TTPDSRV.exe[944] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\TTPDSRV.exe[944] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\TTPDSRV.exe[944] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\TTPDSRV.exe[944] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnat.exe[956] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnat.exe[956] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnat.exe[956] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnat.exe[956] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnat.exe[956] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnat.exe[956] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnat.exe[956] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnat.exe[956] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnat.exe[956] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\vmnat.exe[956] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnat.exe[956] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnat.exe[956] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnat.exe[956] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[960] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[960] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[960] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[960] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[960] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[960] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[960] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[960] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[960] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[960] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[960] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[960] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[960] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[968] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[968] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[968] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[968] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[968] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[968] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[968] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[968] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[968] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\System32\svchost.exe[968] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[968] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[968] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[968] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1016] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1016] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1016] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1016] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1016] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1016] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1016] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1016] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1016] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\System32\svchost.exe[1016] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1016] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1016] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1016] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1064] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1064] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1064] RPCRT4.dll!RpcServerRegisterIfEx 760109BC 5 Bytes JMP 1001F040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1064] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1064] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\svchost.exe[1064] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1064] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1064] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1064] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1216] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1216] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1216] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1216] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1216] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1216] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1216] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1216] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\svchost.exe[1216] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1216] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1216] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1216] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1312] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1312] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1312] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1312] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1312] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1312] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1312] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1312] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1312] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\conhost.exe[1312] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1312] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1312] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1312] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!NtAllocateVirtualMemory 77B152D8 5 Bytes JMP 1002AD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!NtCreateFile 77B155C8 5 Bytes JMP 1002AD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!NtCreateProcess 77B15698 5 Bytes JMP 1002ADC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!NtCreateProcessEx 77B156A8 5 Bytes JMP 1002ADA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!NtDeleteFile 77B15808 5 Bytes JMP 1002AD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!NtFreeVirtualMemory 77B159D8 5 Bytes JMP 1002A3D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!NtLoadDriver 77B15B58 5 Bytes JMP 1002AD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!NtOpenFile 77B15CD8 5 Bytes JMP 1002ACE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!NtProtectVirtualMemory 77B15F18 5 Bytes JMP 1002A380 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!NtSetInformationProcess 77B16678 5 Bytes JMP 1002ACA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!NtUnloadDriver 77B16958 5 Bytes JMP 1002ACC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!NtWriteVirtualMemory 77B16A98 5 Bytes JMP 1002AD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!KiUserExceptionDispatcher 77B16FE8 5 Bytes JMP 1002A690 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!RtlAllocateHeap 77B22D66 5 Bytes JMP 1002A420 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!LdrGetProcedureAddress 77B32213 5 Bytes JMP 1002AC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!CopyFileW 77836AF7 5 Bytes JMP 1002AB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!CopyFileExW 7783B238 7 Bytes JMP 1002AB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!DeleteFileW 778416EF 5 Bytes JMP 1002AA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!VirtualProtect 77842BCD 5 Bytes JMP 1002A960 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!DeleteFileA 77844382 5 Bytes JMP 1002AA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!LoadLibraryExA 77844466 5 Bytes JMP 1002AC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!LoadLibraryExW 77845079 5 Bytes JMP 1002AC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!MoveFileWithProgressW 77848D8C 5 Bytes JMP 1002AA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!MoveFileExW 77848DB0 5 Bytes JMP 1002AAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!GetProcAddress 7784CC94 5 Bytes JMP 1002AC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!GetModuleHandleW 7784CCAC 5 Bytes JMP 1002A9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!GetModuleHandleA 7784D8F3 5 Bytes JMP 1002AA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!LoadLibraryA 7784DC65 5 Bytes JMP 1002A9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!CreateThread 7784DCC2 5 Bytes JMP 67DF7303 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!CreateFileW 7784E8A5 5 Bytes JMP 1002ABA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!CreateFileA 7784EA61 5 Bytes JMP 1002ABC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!LoadLibraryW 7784EF42 5 Bytes JMP 1002A9A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!OpenFile 7785D54F 5 Bytes JMP 1002ABE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!MoveFileExA 77863F78 5 Bytes JMP 1002AAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!MoveFileWithProgressA 77863F98 5 Bytes JMP 1002AA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!CopyFileA 77866D5A 5 Bytes JMP 1002AB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!MoveFileW 77866ED6 5 Bytes JMP 1002AAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!MoveFileA 7788BF49 5 Bytes JMP 1002AB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!CopyFileExA 7788CDA1 5 Bytes JMP 1002AB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!WinExec 7788EDB2 5 Bytes JMP 1002A980 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] kernel32.dll!LoadModule 7788F29D 5 Bytes JMP 1002AC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!EnableWindow 77C38D02 5 Bytes JMP 67E39A14 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!CallNextHookEx 77C3ABE1 5 Bytes JMP 67E57BAF C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!UnhookWindowsHookEx 77C3ADF9 5 Bytes JMP 67E7EB00 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!DefWindowProcA 77C3BB1C 7 Bytes JMP 67DF952D C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!CreateWindowExA 77C3BF40 5 Bytes JMP 67E03363 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!SetWindowsHookExW 77C3E30C 5 Bytes JMP 67E32194 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!CreateWindowExW 77C3EC7C 5 Bytes JMP 67E5FF87 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!DefWindowProcW 77C4507D 7 Bytes JMP 67E57C12 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!DialogBoxParamW 77C53B9B 5 Bytes JMP 67D9170B C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!DialogBoxIndirectParamW 77C63B7F 5 Bytes JMP 67F86336 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!DialogBoxParamA 77C7CF42 5 Bytes JMP 67F862D1 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!DialogBoxIndirectParamA 77C7D274 5 Bytes JMP 67F8639B C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!MessageBoxIndirectA 77C8E869 5 Bytes JMP 67F86258 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!MessageBoxIndirectW 77C8E963 5 Bytes JMP 67F861DF C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!MessageBoxExA 77C8E9C9 5 Bytes JMP 67F8617B C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!MessageBoxExW 77C8E9ED 5 Bytes JMP 67F86117 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Internet Explorer\iexplore.exe[1352] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] SHELL32.dll!ShellExecuteW 76873C59 5 Bytes JMP 1002A920 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] SHELL32.dll!ShellExecuteExW 76881E2E 5 Bytes JMP 1002A8E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] SHELL32.dll!ShellExecuteEx 76AA6FE2 5 Bytes JMP 1002A900 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] SHELL32.dll!ShellExecuteA 76AA707D 5 Bytes JMP 1002A940 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] ole32.dll!OleLoadFromStream 77976143 5 Bytes JMP 67F86B0F C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] WININET.dll!InternetConnectA 760FB75E 5 Bytes JMP 1002A8C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] WININET.dll!InternetConnectW 760FBDDA 5 Bytes JMP 1002A8A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] WS2_32.dll!closesocket 777C3918 5 Bytes JMP 716441DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] WS2_32.dll!WSASocketW 777C3CD3 7 Bytes JMP 1002A860 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] WS2_32.dll!socket 777C3EB8 5 Bytes JMP 7164354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] WS2_32.dll!getaddrinfo 777C4296 5 Bytes JMP 71643704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] WS2_32.dll!recv 777C6B0E 5 Bytes JMP 71644549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] WS2_32.dll!connect 777C6BDD 5 Bytes JMP 716435DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] WS2_32.dll!send 777C6F01 5 Bytes JMP 71643B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1352] WS2_32.dll!WSASocketA 777CC82A 5 Bytes JMP 1002A880 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtAllocateVirtualMemory 77B152D8 5 Bytes JMP 1002AD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtCreateFile 77B155C8 5 Bytes JMP 1002AD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtCreateProcess 77B15698 5 Bytes JMP 1002ADC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtCreateProcessEx 77B156A8 5 Bytes JMP 1002ADA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtDeleteFile 77B15808 5 Bytes JMP 1002AD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtFreeVirtualMemory 77B159D8 5 Bytes JMP 1002A3D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtLoadDriver 77B15B58 5 Bytes JMP 1002AD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtOpenFile 77B15CD8 5 Bytes JMP 1002ACE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtProtectVirtualMemory 77B15F18 5 Bytes JMP 1002A380 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtSetInformationProcess 77B16678 5 Bytes JMP 1002ACA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtUnloadDriver 77B16958 5 Bytes JMP 1002ACC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtWriteVirtualMemory 77B16A98 5 Bytes JMP 1002AD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!KiUserExceptionDispatcher 77B16FE8 5 Bytes JMP 1002A690 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!RtlAllocateHeap 77B22D66 5 Bytes JMP 1002A420 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!LdrGetProcedureAddress 77B32213 5 Bytes JMP 1002AC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 6ABB5B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!CopyFileW 77836AF7 5 Bytes JMP 1002AB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!CopyFileExW 7783B238 7 Bytes JMP 1002AB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!DeleteFileW 778416EF 5 Bytes JMP 1002AA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!VirtualProtect 77842BCD 5 Bytes JMP 1002A960 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!DeleteFileA 77844382 5 Bytes JMP 1002AA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!LoadLibraryExA 77844466 5 Bytes JMP 1002AC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!LoadLibraryExW 77845079 5 Bytes JMP 1002AC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!MoveFileWithProgressW 77848D8C 5 Bytes JMP 1002AA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!MoveFileExW 77848DB0 5 Bytes JMP 1002AAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!GetProcAddress 7784CC94 5 Bytes JMP 1002AC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!GetModuleHandleW 7784CCAC 5 Bytes JMP 1002A9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!GetModuleHandleA 7784D8F3 5 Bytes JMP 1002AA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!LoadLibraryA 7784DC65 5 Bytes JMP 1002A9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!CreateFileW 7784E8A5 5 Bytes JMP 1002ABA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!CreateFileA 7784EA61 5 Bytes JMP 1002ABC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!LoadLibraryW 7784EF42 5 Bytes JMP 1002A9A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!OpenFile 7785D54F 5 Bytes JMP 1002ABE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!MoveFileExA 77863F78 5 Bytes JMP 1002AAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!MoveFileWithProgressA 77863F98 5 Bytes JMP 1002AA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!CopyFileA 77866D5A 5 Bytes JMP 1002AB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!MoveFileW 77866ED6 5 Bytes JMP 1002AAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!MoveFileA 7788BF49 5 Bytes JMP 1002AB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!CopyFileExA 7788CDA1 5 Bytes JMP 1002AB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!WinExec 7788EDB2 5 Bytes JMP 1002A980 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] kernel32.dll!LoadModule 7788F29D 5 Bytes JMP 1002AC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1380] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1380] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1380] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1380] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1380] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1380] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1380] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1380] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1380] USER32.dll!TrackPopupMenu 77C52228 5 Bytes JMP 6AD30ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1380] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1380] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1380] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1380] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1380] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[1396] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[1396] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[1396] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[1396] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[1396] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[1396] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[1396] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[1396] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[1396] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[1396] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[1396] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[1396] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[1396] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\WLANExt.exe[1436] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\WLANExt.exe[1436] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\WLANExt.exe[1436] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\WLANExt.exe[1436] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\WLANExt.exe[1436] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\WLANExt.exe[1436] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\WLANExt.exe[1436] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\WLANExt.exe[1436] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\WLANExt.exe[1436] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\WLANExt.exe[1436] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\WLANExt.exe[1436] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\WLANExt.exe[1436] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\WLANExt.exe[1436] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1476] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1476] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1476] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1476] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1476] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1476] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1476] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1476] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1476] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\System32\svchost.exe[1476] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1476] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1476] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1476] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1480] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1480] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1480] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1480] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1480] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1480] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1480] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1480] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1480] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\conhost.exe[1480] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1480] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1480] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\conhost.exe[1480] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[1628] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[1628] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[1628] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[1628] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[1628] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[1628] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[1628] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[1628] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[1628] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\System32\spoolsv.exe[1628] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[1628] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[1628] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[1628] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1656] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1656] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1656] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1656] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1656] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1656] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1656] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1656] RPCRT4.dll!RpcServerRegisterIfEx 760109BC 5 Bytes JMP 1001F040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1656] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1656] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\svchost.exe[1656] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1656] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1656] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1656] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[1696] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[1696] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[1696] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[1696] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[1696] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[1696] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[1696] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[1696] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[1696] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\Dwm.exe[1696] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[1696] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[1696] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\Dwm.exe[1696] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\utility.exe[1736] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\utility.exe[1736] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\utility.exe[1736] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\utility.exe[1736] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\utility.exe[1736] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\utility.exe[1736] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\utility.exe[1736] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\utility.exe[1736] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\utility.exe[1736] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Lenovo\Energy Management\utility.exe[1736] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\utility.exe[1736] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\utility.exe[1736] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\Energy Management\utility.exe[1736] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1744] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1744] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1744] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1744] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1744] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1744] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1744] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1744] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1744] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1744] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Windows\System32\igfxpers.exe[1744] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1744] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1744] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1748] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 002DB4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1748] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 002CD060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1748] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 002CD180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1748] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 002D7DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1748] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 002D4F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1748] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 002D5AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1748] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 002D3A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1748] GDI32.dll!DeleteDC 77776EAA 5 Bytes JMP 002D8BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1748] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 002D8970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1748] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 002D9CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1748] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 002D9BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1748] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 002D4370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1836] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1836] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1836] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1836] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1836] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1836] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1836] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1836] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1836] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1836] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1836] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1836] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1836] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1856] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1856] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1856] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1856] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1856] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1856] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1856] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1856] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1856] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1856] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1856] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1856] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1856] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1884] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1884] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1884] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1884] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1884] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1884] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1884] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1884] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1884] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1884] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1884] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1884] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1884] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\IgrsSvcs.exe[1916] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\IgrsSvcs.exe[1916] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\IgrsSvcs.exe[1916] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\IgrsSvcs.exe[1916] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\IgrsSvcs.exe[1916] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\IgrsSvcs.exe[1916] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\IgrsSvcs.exe[1916] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\IgrsSvcs.exe[1916] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\IgrsSvcs.exe[1916] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\System32\IgrsSvcs.exe[1916] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\IgrsSvcs.exe[1916] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\IgrsSvcs.exe[1916] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\IgrsSvcs.exe[1916] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1936] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1936] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1936] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1936] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1936] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1936] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1936] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1936] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1936] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1936] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1936] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1936] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1936] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2004] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2004] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2004] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2004] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2004] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2004] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2004] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2004] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2004] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2004] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2004] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2004] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2004] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2136] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 0038B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2136] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 0037D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2136] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 0037D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2136] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 00387DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2136] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 00384F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2136] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 00385AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2136] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 00383A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2136] GDI32.dll!DeleteDC 77776EAA 5 Bytes JMP 00388BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2136] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 00388970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2136] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 00389CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2136] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 00389BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2136] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 00384370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnetdhcp.exe[2212] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnetdhcp.exe[2212] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnetdhcp.exe[2212] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnetdhcp.exe[2212] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnetdhcp.exe[2212] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnetdhcp.exe[2212] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnetdhcp.exe[2212] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnetdhcp.exe[2212] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnetdhcp.exe[2212] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\vmnetdhcp.exe[2212] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnetdhcp.exe[2212] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnetdhcp.exe[2212] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\vmnetdhcp.exe[2212] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdc.exe[2232] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdc.exe[2232] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdc.exe[2232] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdc.exe[2232] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdc.exe[2232] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdc.exe[2232] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdc.exe[2232] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdc.exe[2232] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdc.exe[2232] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdc.exe[2232] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Windows\WindowsMobile\wmdc.exe[2232] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdc.exe[2232] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\WindowsMobile\wmdc.exe[2232] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2296] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2296] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2296] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2296] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2296] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2296] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2296] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2296] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2296] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2296] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2296] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2296] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2296] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] ntdll.dll!NtAllocateVirtualMemory 77B152D8 5 Bytes JMP 0076BD10 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[2504] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[2504] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[2504] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[2504] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[2504] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[2504] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[2504] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[2504] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[2504] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[2504] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\wbem\wmiprvse.exe[2504] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[2504] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wbem\wmiprvse.exe[2504] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2760] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2760] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2760] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2760] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2760] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2760] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2760] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2760] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2760] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Apoint2K\Apntex.exe[2760] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2760] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2760] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apntex.exe[2760] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2800] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2800] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2800] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2800] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2800] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2800] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2800] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2800] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2800] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\svchost.exe[2800] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2800] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2800] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2800] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[3100] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[3100] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[3100] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[3100] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[3100] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[3100] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[3100] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[3100] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[3100] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[3100] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\Explorer.EXE[3100] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[3100] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[3100] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[3116] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[3116] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[3116] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[3116] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[3116] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[3116] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[3116] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[3116] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[3116] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Apoint2K\Apoint.exe[3116] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[3116] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[3116] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Apoint2K\Apoint.exe[3116] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[3180] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[3180] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[3180] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[3180] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[3180] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[3180] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[3180] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[3180] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[3180] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\taskhost.exe[3180] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[3180] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[3180] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[3180] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[3252] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 0021B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[3252] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 0020D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[3252] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 0020D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[3252] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 00217DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[3252] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 00214F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[3252] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 00215AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[3252] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 00213A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[3252] GDI32.dll!DeleteDC 77776EAA 5 Bytes JMP 00218BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[3252] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 00218970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[3252] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 00219CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[3252] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 00219BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxtray.exe[3252] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 00214370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[3268] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 0116B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[3268] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 0115D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[3268] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 0115D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[3268] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 01167DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[3268] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 01164F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[3268] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 01165AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[3268] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 01163A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[3268] GDI32.dll!DeleteDC 77776EAA 5 Bytes JMP 01168BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[3268] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 01168970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[3268] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 01169CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[3268] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 01169BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[3268] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 01164370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\igfxsrvc.exe[3396] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\igfxsrvc.exe[3396] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\igfxsrvc.exe[3396] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\igfxsrvc.exe[3396] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\igfxsrvc.exe[3396] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\igfxsrvc.exe[3396] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\igfxsrvc.exe[3396] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\igfxsrvc.exe[3396] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\igfxsrvc.exe[3396] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\igfxsrvc.exe[3396] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\igfxsrvc.exe[3396] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\igfxsrvc.exe[3396] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\igfxsrvc.exe[3396] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3584] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3584] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3584] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3584] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3584] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3584] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3584] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3584] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3584] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\svchost.exe[3584] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3584] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3584] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3584] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3800] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3800] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3800] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3800] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3800] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3800] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3800] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3800] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3800] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\svchost.exe[3800] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3800] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3800] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[3800] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3916] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3916] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3916] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3916] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3916] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3916] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3916] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3916] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3916] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3916] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\windows\system32\SearchIndexer.exe[3916] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3916] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[3916] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!NtAllocateVirtualMemory 77B152D8 5 Bytes JMP 1002AD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!NtCreateFile 77B155C8 5 Bytes JMP 1002AD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!NtCreateProcess 77B15698 5 Bytes JMP 1002ADC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!NtCreateProcessEx 77B156A8 5 Bytes JMP 1002ADA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!NtDeleteFile 77B15808 5 Bytes JMP 1002AD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!NtFreeVirtualMemory 77B159D8 5 Bytes JMP 1002A3D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!NtLoadDriver 77B15B58 5 Bytes JMP 1002AD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!NtOpenFile 77B15CD8 5 Bytes JMP 1002ACE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!NtProtectVirtualMemory 77B15F18 5 Bytes JMP 1002A380 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!NtSetInformationProcess 77B16678 5 Bytes JMP 1002ACA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!NtUnloadDriver 77B16958 5 Bytes JMP 1002ACC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!NtWriteVirtualMemory 77B16A98 5 Bytes JMP 1002AD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!KiUserExceptionDispatcher 77B16FE8 5 Bytes JMP 1002A690 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!RtlAllocateHeap 77B22D66 5 Bytes JMP 1002A420 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!LdrGetProcedureAddress 77B32213 5 Bytes JMP 1002AC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!CopyFileW 77836AF7 5 Bytes JMP 1002AB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!CopyFileExW 7783B238 7 Bytes JMP 1002AB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!DeleteFileW 778416EF 5 Bytes JMP 1002AA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!VirtualProtect 77842BCD 5 Bytes JMP 1002A960 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!DeleteFileA 77844382 5 Bytes JMP 1002AA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!LoadLibraryExA 77844466 5 Bytes JMP 1002AC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!LoadLibraryExW 77845079 5 Bytes JMP 1002AC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!MoveFileWithProgressW 77848D8C 5 Bytes JMP 1002AA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!MoveFileExW 77848DB0 5 Bytes JMP 1002AAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!GetProcAddress 7784CC94 5 Bytes JMP 1002AC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!GetModuleHandleW 7784CCAC 5 Bytes JMP 1002A9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!GetModuleHandleA 7784D8F3 5 Bytes JMP 1002AA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!LoadLibraryA 7784DC65 5 Bytes JMP 1002A9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!CreateFileW 7784E8A5 5 Bytes JMP 1002ABA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!CreateFileA 7784EA61 5 Bytes JMP 1002ABC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!LoadLibraryW 7784EF42 5 Bytes JMP 1002A9A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!OpenFile 7785D54F 5 Bytes JMP 1002ABE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!MoveFileExA 77863F78 5 Bytes JMP 1002AAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!MoveFileWithProgressA 77863F98 5 Bytes JMP 1002AA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!CopyFileA 77866D5A 5 Bytes JMP 1002AB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!MoveFileW 77866ED6 5 Bytes JMP 1002AAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!MoveFileA 7788BF49 5 Bytes JMP 1002AB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!CopyFileExA 7788CDA1 5 Bytes JMP 1002AB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!WinExec 7788EDB2 5 Bytes JMP 1002A980 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] kernel32.dll!LoadModule 7788F29D 5 Bytes JMP 1002AC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] USER32.dll!EnableWindow 77C38D02 5 Bytes JMP 67E39A14 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] USER32.dll!DialogBoxParamW 77C53B9B 5 Bytes JMP 67D9170B C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] USER32.dll!DialogBoxIndirectParamW 77C63B7F 5 Bytes JMP 67F86336 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] USER32.dll!DialogBoxParamA 77C7CF42 5 Bytes JMP 67F862D1 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] USER32.dll!DialogBoxIndirectParamA 77C7D274 5 Bytes JMP 67F8639B C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] USER32.dll!MessageBoxIndirectA 77C8E869 5 Bytes JMP 67F86258 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] USER32.dll!MessageBoxIndirectW 77C8E963 5 Bytes JMP 67F861DF C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] USER32.dll!MessageBoxExA 77C8E9C9 5 Bytes JMP 67F8617B C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] USER32.dll!MessageBoxExW 77C8E9ED 5 Bytes JMP 67F86117 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Internet Explorer\iexplore.exe[4164] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] SHELL32.dll!ShellExecuteW 76873C59 5 Bytes JMP 1002A920 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] SHELL32.dll!ShellExecuteExW 76881E2E 5 Bytes JMP 1002A8E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] SHELL32.dll!ShellExecuteEx 76AA6FE2 5 Bytes JMP 1002A900 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] SHELL32.dll!ShellExecuteA 76AA707D 5 Bytes JMP 1002A940 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] WININET.dll!InternetConnectA 760FB75E 5 Bytes JMP 1002A8C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] WININET.dll!InternetConnectW 760FBDDA 5 Bytes JMP 1002A8A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] WS2_32.dll!WSASocketW 777C3CD3 7 Bytes JMP 1002A860 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[4164] WS2_32.dll!WSASocketA 777CC82A 5 Bytes JMP 1002A880 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] USER32.dll!SetWindowLongA 77C38BA3 5 Bytes JMP 6AFA01A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] USER32.dll!SetWindowLongW 77C44449 5 Bytes JMP 6AFA0135 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] USER32.dll!GetWindowInfo 77C44B5E 5 Bytes JMP 6AD30924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] USER32.dll!TrackPopupMenu 77C52228 5 Bytes JMP 6AD30ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5564] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Justynka\Desktop\9p7qn2ov.exe[5888] ntdll.dll!NtAlpcSendWaitReceivePort 77B15418 5 Bytes JMP 1002B4C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Justynka\Desktop\9p7qn2ov.exe[5888] ntdll.dll!NtClose 77B154C8 5 Bytes JMP 1001D060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Justynka\Desktop\9p7qn2ov.exe[5888] ntdll.dll!LdrUnloadDll 77B2C86E 7 Bytes JMP 1001D180 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Justynka\Desktop\9p7qn2ov.exe[5888] ntdll.dll!LdrLoadDll 77B3223E 5 Bytes JMP 10027DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Justynka\Desktop\9p7qn2ov.exe[5888] kernel32.dll!CreateProcessW 7780204D 5 Bytes JMP 10024F10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Justynka\Desktop\9p7qn2ov.exe[5888] kernel32.dll!CreateProcessA 77802082 5 Bytes JMP 10025AA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Justynka\Desktop\9p7qn2ov.exe[5888] kernel32.dll!CreateProcessAsUserW 778359AF 5 Bytes JMP 10023A40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Justynka\Desktop\9p7qn2ov.exe[5888] GDI32.dll!DeleteDC 77776EAA 3 Bytes JMP 10028BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Justynka\Desktop\9p7qn2ov.exe[5888] GDI32.dll!DeleteDC + 4 77776EAE 1 Byte [98] .text C:\Users\Justynka\Desktop\9p7qn2ov.exe[5888] GDI32.dll!GetPixel 7777C3D5 5 Bytes JMP 10028970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Justynka\Desktop\9p7qn2ov.exe[5888] GDI32.dll!CreateDCA 7777CCA9 5 Bytes JMP 10029CA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Justynka\Desktop\9p7qn2ov.exe[5888] GDI32.dll!CreateDCW 7777CF79 5 Bytes JMP 10029BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\Justynka\Desktop\9p7qn2ov.exe[5888] ADVAPI32.dll!CreateProcessAsUserA 76202538 5 Bytes JMP 10024370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0064BA10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0064B0F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [0064BB10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0064B9D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0064BA90] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0064BBA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0064BA50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [0064A850] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [0064B180] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [0064B240] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [0064A7F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [0064ACE0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [0064AC50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [0064B300] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [0064A8A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [0064B7D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [USER32.dll!DrawEdge] [0064B780] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0064AAA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [0064B480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [0064B5C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0064A990] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [0064AB10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [USER32.dll!SetScrollPos] [0064A900] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [0064A7F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [USER32.dll!RegisterClassW] [0064B240] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [USER32.dll!FillRect] [0064B700] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [0064ACE0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [0064B300] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [GDI32.dll!DeleteObject] [0064A850] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0064B9D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0064BA10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0064BA90] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0064BBA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0064B9D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0064BA10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [0064BA50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\ole32.dll [GDI32.dll!DeleteObject] [0064A850] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [0064AB10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\ole32.dll [USER32.dll!GetSysColor] [0064A7F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\ole32.dll [USER32.dll!GetSystemMetrics] [0064B300] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [0064B480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\ole32.dll [USER32.dll!RegisterClassW] [0064B240] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [0064ACE0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0064BA10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0064B9D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0064BA90] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0064BA50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0064B9D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0064BBA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] [0064BA50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2424] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0064BBA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\windows\Explorer.EXE[3100] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [742D2437] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3100] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742B5600] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3100] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742B56BE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3100] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [742D24B2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3100] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [742C8514] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3100] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742C4CC8] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3100] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [742C506F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3100] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [742C5144] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3100] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [742C6671] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3100] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [742C826B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3100] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [742C87BA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3100] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [742C901B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3100] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [742CE1BE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3100] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [742C4BFA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\usbhub \Device\0000006b hcmon.sys Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys Device \Driver\usbhub \Device\0000006c hcmon.sys Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys Device \Driver\usbhub \Device\0000006d hcmon.sys Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys Device \Driver\usbhub \Device\0000006e hcmon.sys Device \Driver\usbehci \Device\USBFDO-3 hcmon.sys Device \Driver\usbhub \Device\0000006f hcmon.sys Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-6 hcmon.sys Device \Driver\usbehci \Device\USBFDO-7 hcmon.sys ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 1091 ---- Files - GMER 1.0.15 ---- File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes ---- EOF - GMER 1.0.15 ----

Przy załączaniu gmera wyskakuje, że rozszerzenie log jest zabronione, mimo, że to txt

**Posty:** 18165 · przez **wojtas** 16 Mar 2012, 17:07

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKU\S-1-5-21-1589609611-3276740562-2776947412-1003\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKU\S-1-5-21-1589609611-3276740562-2776947412-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
[2012-02-23 19:23:33 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Justynka\AppData\Roaming\mozilla\Firefox\Profiles\800nw14l.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011-07-20 19:31:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Justynka\AppData\Roaming\mozilla\Firefox\Profiles\800nw14l.default\extensions\engine@conduit.com
[2011-06-20 13:07:12 | 000,000,923 | ---- | M] () -- C:\Users\Justynka\AppData\Roaming\Mozilla\Firefox\Profiles\800nw14l.default\searchplugins\conduit.xml
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1589609611-3276740562-2776947412-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

:Files
C:\Users\Justynka\AppData\Local\Temp*.html

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .
Użyj AdwCleaner i kliknij w nim Delete (uruchom z prawokliku "jako Administrator)
potem odinstaluj

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )
* Skasuj stan przywracania systemu

tyle

Autor postu otrzymał pochwałę