GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-04-27 16:20:32 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3120026A rev.3.06 Running: dtm0idin.exe; Driver: D:\DOCUME~1\EMILA~1.B-0\USTAWI~1\Temp\agloifoc.sys ---- Kernel code sections - GMER 1.0.15 ---- ? D:\WINDOWS\system32\drivers\mbamswissarmy.sys Nie mona odnale okrelonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00744760 D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\Program Files\Eset\nod32kui.exe[188] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32kui.exe[188] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\Program Files\Eset\UpdateReminder.exe[200] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\UpdateReminder.exe[200] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\WINDOWS\system32\ctfmon.exe[336] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\ctfmon.exe[336] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\Program Files\Eset\nod32krn.exe[416] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] WS2_32.dll!WSASocketW 71A539CB 7 Bytes JMP 1002C920 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] WS2_32.dll!WSASocketA 71A58769 5 Bytes JMP 1002C940 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Eset\nod32krn.exe[416] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\WINDOWS\system32\svchost.exe[460] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[460] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\WINDOWS\system32\services.exe[672] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\services.exe[672] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\WINDOWS\system32\lsass.exe[684] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] WS2_32.dll!WSASocketW 71A539CB 7 Bytes JMP 1002C920 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] WS2_32.dll!WSASocketA 71A58769 5 Bytes JMP 1002C940 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\lsass.exe[684] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\WINDOWS\system32\svchost.exe[832] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[832] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\WINDOWS\system32\svchost.exe[908] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[908] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\WINDOWS\system32\svchost.exe[1060] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1060] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\WINDOWS\system32\svchost.exe[1144] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1144] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\WINDOWS\system32\svchost.exe[1272] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1272] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\WINDOWS\system32\svchost.exe[1348] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1348] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.exe[1452] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\WINDOWS\system32\spoolsv.exe[1480] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\spoolsv.exe[1480] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 03E0CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 03DFCD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 03E0CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03E0CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 03E0CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 03E0CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 03E0C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 03E0CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 03E0CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 03E0C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 03E0CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 03E0CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 03E0CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 03E0C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 03E0A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 03DFCE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 03E0CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 03E0CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 03E0CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 03E0CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 03E0CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 03E0CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 03E07790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 03E08320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 03E0CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 03E0CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 03E0CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 03E0CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 03E0CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 03E0CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 03E0CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 03E0CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 03E0CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 03E0CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 03E0CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 03E0CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 03E0CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 03E0CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 03E0CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 03E0CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 03E0CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 03E0CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 03E0CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 03E0CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 03E0E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 03E0D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 03E0D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 03E062C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 03E06BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 03E0DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 03E0DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [FE, 8B, CC, CC] .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] WS2_32.dll!WSASocketW 71A539CB 7 Bytes JMP 03E0C920 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] WS2_32.dll!WSASocketA 71A58769 5 Bytes JMP 03E0C940 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 03E0E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 03E0E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 03E0C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 03E0C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 03E0CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\OpenOffice.org 3\program\soffice.bin[1540] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 03E0C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] shell32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] shell32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] shell32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Documents and Settings\Emila.B-02D438CD598A4\Pulpit\dtm0idin.exe[1712] shell32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\WINDOWS\Explorer.EXE[1752] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 1002C980 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\Explorer.EXE[1752] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 1002C960 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\WINDOWS\system32\svchost.exe[1996] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\system32\svchost.exe[1996] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002C750 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!CallNextHookEx 77D3ED6E 5 Bytes JMP 0151DD81 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!CreateWindowExW 77D41AD5 5 Bytes JMP 01524832 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 01449315 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!DialogBoxParamA 77D488E1 5 Bytes JMP 0163DFBE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!DialogBoxIndirectParamW 77D52598 5 Bytes JMP 0163E021 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!MessageBoxIndirectA 77D5AEF1 5 Bytes JMP 0163DF51 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 0151DBCB D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 01481CA2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!MessageBoxExW 77D70559 5 Bytes JMP 0163DE22 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!MessageBoxExA 77D7057D 5 Bytes JMP 0163DE84 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!DialogBoxIndirectParamA 77D76CED 5 Bytes JMP 0163E084 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!MessageBoxIndirectW 77D860B7 3 Bytes JMP 0163DEE6 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!MessageBoxIndirectW + 4 77D860BB 1 Byte [89] .text D:\Program Files\Internet Explorer\iexplore.exe[2580] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ole32.dll!CoCreateInstance 77516009 5 Bytes JMP 0152488E D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 1002C980 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[2580] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 1002C960 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\WINDOWS\System32\alg.exe[2688] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] WS2_32.dll!WSASocketW 71A539CB 7 Bytes JMP 1002C920 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] WS2_32.dll!WSASocketA 71A58769 5 Bytes JMP 1002C940 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\WINDOWS\System32\alg.exe[2688] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002C750 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!CallNextHookEx 77D3ED6E 5 Bytes JMP 0151DD81 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!CreateWindowExW 77D41AD5 5 Bytes JMP 01524832 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 01449315 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!DialogBoxParamA 77D488E1 5 Bytes JMP 0163DFBE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!DialogBoxIndirectParamW 77D52598 5 Bytes JMP 0163E021 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!MessageBoxIndirectA 77D5AEF1 5 Bytes JMP 0163DF51 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 0151DBCB D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 01481CA2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!MessageBoxExW 77D70559 5 Bytes JMP 0163DE22 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!MessageBoxExA 77D7057D 5 Bytes JMP 0163DE84 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!DialogBoxIndirectParamA 77D76CED 5 Bytes JMP 0163E084 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!MessageBoxIndirectW 77D860B7 3 Bytes JMP 0163DEE6 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] USER32.dll!MessageBoxIndirectW + 4 77D860BB 1 Byte [89] .text D:\Program Files\Internet Explorer\iexplore.exe[3244] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ole32.dll!CoCreateInstance 77516009 5 Bytes JMP 0152488E D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 1002C980 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3244] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 1002C960 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002C750 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!CreateWindowExW 77D41AD5 5 Bytes JMP 01524832 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 01449315 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!DialogBoxParamA 77D488E1 5 Bytes JMP 0163DFBE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!DialogBoxIndirectParamW 77D52598 5 Bytes JMP 0163E021 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!MessageBoxIndirectA 77D5AEF1 5 Bytes JMP 0163DF51 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!MessageBoxExW 77D70559 5 Bytes JMP 0163DE22 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!MessageBoxExA 77D7057D 5 Bytes JMP 0163DE84 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!DialogBoxIndirectParamA 77D76CED 5 Bytes JMP 0163E084 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!MessageBoxIndirectW 77D860B7 3 Bytes JMP 0163DEE6 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!MessageBoxIndirectW + 4 77D860BB 1 Byte [89] .text D:\Program Files\Internet Explorer\iexplore.exe[3552] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 1002C980 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3552] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 1002C960 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 003DCE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003CCD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003DCDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003DCE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003DCE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 003DCE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 003DC490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003DCDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003DCDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003DC440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 003DCD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 003DCD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003DCE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 003DC4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003DA630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 003CCE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 003DCD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003DCC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 003DCA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 003DCCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 003DCCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003DCA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003D7790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003D8320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 003DCD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 003DCA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 003DCAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 003DCAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 003DCC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 003DCB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 003DCBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 003DCCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 003DCBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 003DCC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 003DCC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 003DCB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 003DCAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 003DCB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 003DCBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 003DCB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 003DCB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 003DCC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 003DCA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 003DCD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 003DD830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 003DD590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 003D62C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 003D6BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 003DDD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 003DDAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [5B, 88, CC, CC] {POP EBX; MOV AH, CL; INT 3 } .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 003DE3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 003DC9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 003DC9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 003DCA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 003DC9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] WS2_32.dll!WSASocketW 71A539CB 3 Bytes JMP 003DC920 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] WS2_32.dll!WSASocketW + 4 71A539CF 3 Bytes [8E, CC, CC] .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] WS2_32.dll!WSASocketA 71A58769 5 Bytes JMP 003DC940 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 003DE840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3576] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 003DE600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002C750 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\Program Files\Internet Explorer\iexplore.exe[3876] USER32.dll!CallNextHookEx 77D3ED6E 5 Bytes JMP 0151DD81 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] USER32.dll!CreateWindowExW 77D41AD5 5 Bytes JMP 01524832 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 01449315 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] USER32.dll!DialogBoxParamA 77D488E1 5 Bytes JMP 0163DFBE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] USER32.dll!DialogBoxIndirectParamW 77D52598 5 Bytes JMP 0163E021 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] USER32.dll!MessageBoxIndirectA 77D5AEF1 5 Bytes JMP 0163DF51 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 0151DBCB D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 01481CA2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] USER32.dll!MessageBoxExW 77D70559 5 Bytes JMP 0163DE22 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] USER32.dll!MessageBoxExA 77D7057D 5 Bytes JMP 0163DE84 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] USER32.dll!DialogBoxIndirectParamA 77D76CED 5 Bytes JMP 0163E084 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] USER32.dll!MessageBoxIndirectW 77D860B7 3 Bytes JMP 0163DEE6 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] USER32.dll!MessageBoxIndirectW + 4 77D860BB 1 Byte [89] .text D:\Program Files\Internet Explorer\iexplore.exe[3876] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ole32.dll!CoCreateInstance 77516009 5 Bytes JMP 0152488E D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 1002C980 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Internet Explorer\iexplore.exe[3876] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 1002C960 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1002A630 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CE40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 1002CD40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 1002CD20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 1002CA60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 1002CAC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 1002CAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 1002CC60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 1002CB20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 1002CBA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 1002CCA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 1002CBE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 1002CC40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 1002CC20 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 1002CB00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 1002CAE0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 1002CB60 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 1002CBC0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 1002CB40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 1002CB80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 1002CC00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 1002CA40 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 1002CD00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ADVAPI32.dll!OpenServiceW 77DD5F05 7 Bytes JMP 1002D830 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ADVAPI32.dll!OpenServiceA 77DDE2AE 7 Bytes JMP 1002D590 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 100262C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 10026BF0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ADVAPI32.dll!CreateServiceA 77E270B9 7 Bytes JMP 1002DD80 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ADVAPI32.dll!CreateServiceW 77E27251 2 Bytes JMP 1002DAA0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ADVAPI32.dll!CreateServiceW + 3 77E27254 4 Bytes [20, 98, CC, CC] .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] WS2_32.dll!WSASocketW 71A539CB 7 Bytes JMP 1002C920 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] WS2_32.dll!WSASocketA 71A58769 5 Bytes JMP 1002C940 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 1002C9A0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 1002C9C0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 1002CA00 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 1002C9E0 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\Program Files\Axesstel\AxessManager MV500\AxessManager.exe[4000] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 D:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7406750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7406820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F74067F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F74067B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F74067B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7406820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7406750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F74067F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F74067F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F74067B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7406820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7406750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F74067B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7406750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7406820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F74067F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7406750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7406820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F74067B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F74067F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F74067B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7406820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7406750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F74067B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F74067F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7406750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7406820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [0058D2F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [0058D120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0058D120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [0058D260] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0058C840] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [0058C840] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [0058D260] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0058D120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0058D160] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0058C840] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0058C840] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [0058D260] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0058D120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0058C840] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [0058BFA0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [0058D260] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0058D160] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0058C840] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0058D120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [0058C3A0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [0058C430] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [0058BF40] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [0058C8D0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [0058C990] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW] [0058CBD0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [0058C260] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [0058C300] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [0058CA50] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteObject] [0058BFA0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [0058D260] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [0058C840] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [0058CD10] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [0058C3A0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [0058CA50] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [0058BF40] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [0058C430] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW] [0058C990] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [0058BFF0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!FillRect] [0058CE50] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [0058CF20] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge] [0058CED0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [0058CBD0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0058C1F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [0058C260] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0058C0E0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [0058BFA0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0058C840] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [0058CBD0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!GetSystemMetrics] [0058CA50] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [0058BF40] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [0058C260] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [0058C990] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [0058C430] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [0058C840] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0058D120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0058D2F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0058D160] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateThread] [0058C840] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0058D120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\USERENV.dll [USER32.dll!GetSystemMetrics] [0058CA50] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [0058C840] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [0058D260] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[172] @ D:\WINDOWS\system32\CRYPT32.dll [USER32.dll!GetSystemMetrics] [0058CA50] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT D:\Program Files\Internet Explorer\iexplore.exe[2580] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00E718FD] D:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT D:\Program Files\Internet Explorer\iexplore.exe[3244] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00E718FD] D:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT D:\Program Files\Internet Explorer\iexplore.exe[3876] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00E718FD] D:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device Fastfat.sys (Fast FAT File System Driver/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation) ---- Processes - GMER 1.0.15 ---- Library D:\Program (*** hidden *** ) @ D:\Program Files\Internet Explorer\iexplore.exe [3876] 0x02C70000 Library D:\Program (*** hidden *** ) @ D:\Program Files\Internet Explorer\iexplore.exe [3876] 0x02F40000 Library D:\Program (*** hidden *** ) @ D:\Program Files\Internet Explorer\iexplore.exe [3876] 0x03900000 Library D:\Program (*** hidden *** ) @ D:\Program Files\Internet Explorer\iexplore.exe [3876] 0x03EB0000 ---- Files - GMER 1.0.15 ---- File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\adobe File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\. File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\. File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\. File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\. File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\  . File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\ File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\ File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\S45UH). File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\1AQ".aq File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\C4&-.Scd File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\ZYg File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\ -. File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\`#ϳ[.R File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\D}T{1.8@ File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\ i. z File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\<-.>f File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\c+nT.:k File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\L; File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\-&2wL-i.H File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\{i=.+by File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\X@B. File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\T,Lq`.IfL File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\T(@+.PF File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\2L>.G File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\>-=d+.fc File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\m +.k File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\L՝. File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\os].WR- File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\¸+-.2 File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\,n#hq.t File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\-Z+f4.* File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\' h z. File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\iI~.+0 File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\d-opq.2- File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\*T3L=2.1 File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\t=Q-.s File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\ A.j File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\Q"d."_ File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\uv?.+- File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\f+#.j8, File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\ch File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\9so`u+.M File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\a&= .- File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\w.ڟ-.: File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\-}.UP File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\T|=5 File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\-.5#ȡ.t File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\-+]M.u File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\T+^>*G+./ File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\@To:e@.m File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\7mši.(k File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\-T File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\ -R R.E File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\.z.h File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\-TX-.nv File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\}5-+-[.k File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\wq File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\ȦV$-.U File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\Hά΍?T.u File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\DI.gp File D:\Documents and Settings\Emila\Ustawienia lokalne\Temp\WPDNSE\~-q.+z ---- EOF - GMER 1.0.15 ----