GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-05-25 20:15:21 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-16 ST3250410AS rev.3.AAC Running: 0gx5nzdq.exe; Driver: C:\DOCUME~1\conieco\USTAWI~1\Temp\pxtdapob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB6139DF8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB648ABDA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB61EEA5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB613A85E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB6166D5D] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB648A1B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB613F2E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB613F330] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB648A840] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB613F422] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB6166711] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB613F252] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB648A09A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB613F374] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB613F29A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB648C302] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB6489C60] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB613F3DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB6139E44] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB6167423] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB61676D9] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB613C9A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB616728E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB61670F9] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB61EEB34] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB6139AD6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB648A43C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB6139E90] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB613CD1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB613AB02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB613F30E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB613F352] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB648AA1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB613F446] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB6166A6D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB613F278] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB613C518] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB613F3AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB613F2C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB613C74C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB613F400] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB61EECA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB6166F74] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB613A9CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB6166DC6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB61F8B68] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB648C648] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB6165D84] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB648BA88] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB6139EDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB6139F28] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB648ADC0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB6139B46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB6139CEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB616752A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB6139C92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB6139D5A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xB61EED60] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB6489E32] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB6139F74] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xB61EEBE0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB6204D92] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2C20 805044D8 4 Bytes [5A, EA, 1E, B6] .text ntkrnlpa.exe!ZwCallbackReturn + 2C68 80504520 16 Bytes [E4, F2, 13, B6, 30, F3, 13, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2CAD 80504565 11 Bytes [C3, 48, B6, 60, 9C, 48, B6, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2DA4 8050465C 16 Bytes [0E, F3, 13, B6, 52, F3, 13, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2F24 805047DC 12 Bytes [88, BA, 48, B6, DC, 9E, 13, ...] {MOV [EDX-0x612349b8], BH; ADC ESI, [ESI-0x49ec60d8]} PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL B613B19F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP B6201C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP B620374C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP B6204D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8DDE360, 0x3441C7, 0xE8000020] .text win32k.sys!EngFreeUserMem + 674 BF8098E2 5 Bytes JMP B613E180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C83E 5 Bytes JMP B613E07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8138D6 5 Bytes JMP B613E036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C540 5 Bytes JMP B613D724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 79A8 BF8240B0 5 Bytes JMP B613CF84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + F9C BF828A1A 5 Bytes JMP B613E2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831465 5 Bytes JMP B613E4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + B687 BF839E9C 5 Bytes JMP B613DF3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85173B 5 Bytes JMP B613CE66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC5A 5 Bytes JMP B613D7E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2C4 5 Bytes JMP B613D384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E34F 5 Bytes JMP B613D562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 88 BF85F5C2 5 Bytes JMP B613CE4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 5457 BF864991 5 Bytes JMP B613E0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4128 BF873CC4 5 Bytes JMP B613D51C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF890F01 5 Bytes JMP B613D7FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 26EE BF8944AC 5 Bytes JMP B613E232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 583 BF894F84 5 Bytes JMP B613E450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 3857 BF89C32B 5 Bytes JMP B613D70C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 4DEC BF89D8C0 5 Bytes JMP B613CFF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + A9DB BF8C1E40 5 Bytes JMP B613D104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8CA2A2 5 Bytes JMP B613D1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8CA522 5 Bytes JMP B613D2E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EBEF7 5 Bytes JMP B613CD52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + CB46 BF8F4EFF 5 Bytes JMP B613D73C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A2D BF9136C2 5 Bytes JMP B613CF22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2601 BF914296 5 Bytes JMP B613D0B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F7A BF916C0F 5 Bytes JMP B613D67C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 194D BF946CFD 5 Bytes JMP B613E3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\conieco\Pulpit\0gx5nzdq.exe[284] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVAST Software\Avast\avastUI.exe[400] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[400] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00551014 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00550804 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00550A08 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00550C0C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00550E10 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00550600 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[444] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[448] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[556] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\ctfmon.exe[556] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\ctfmon.exe[556] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\ctfmon.exe[556] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\ctfmon.exe[556] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\ctfmon.exe[556] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[556] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00400804 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00400A08 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00400600 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004001F8 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004003FC .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[592] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[676] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\smss.exe[900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[948] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\winlogon.exe[972] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\winlogon.exe[972] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\winlogon.exe[972] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\winlogon.exe[972] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\winlogon.exe[972] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[1016] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\services.exe[1016] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\services.exe[1016] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\services.exe[1016] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\services.exe[1016] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\services.exe[1016] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[1028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\lsass.exe[1028] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\lsass.exe[1028] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\lsass.exe[1028] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\lsass.exe[1028] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\lsass.exe[1028] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1028] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1196] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1196] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1196] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1196] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1196] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1196] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1196] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1224] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrA.exe[1240] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\PnkBstrA.exe[1240] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\PnkBstrA.exe[1240] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\PnkBstrA.exe[1240] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\PnkBstrA.exe[1240] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\PnkBstrA.exe[1240] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\PnkBstrA.exe[1240] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\PnkBstrA.exe[1240] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00361014 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00360804 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00360A08 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00360C0C .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00360E10 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00360600 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00370804 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00370A08 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00370600 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003701F8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003703FC .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1404] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Programy\Comodo\cmdagent.exe[1416] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0040FD50 E:\Programy\Comodo\cmdagent.exe (COMODO Internet Security/COMODO) .text E:\Programy\Comodo\cmdagent.exe[1416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text E:\Programy\Comodo\cmdagent.exe[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text E:\Programy\Comodo\cmdagent.exe[1416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text E:\Programy\Comodo\cmdagent.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text E:\Programy\Comodo\cmdagent.exe[1416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004C0804 .text E:\Programy\Comodo\cmdagent.exe[1416] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004C0A08 .text E:\Programy\Comodo\cmdagent.exe[1416] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004C0600 .text E:\Programy\Comodo\cmdagent.exe[1416] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004C01F8 .text E:\Programy\Comodo\cmdagent.exe[1416] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004C03FC .text E:\Programy\Comodo\cmdagent.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 004D1014 .text E:\Programy\Comodo\cmdagent.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 004D0804 .text E:\Programy\Comodo\cmdagent.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 004D0A08 .text E:\Programy\Comodo\cmdagent.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 004D0C0C .text E:\Programy\Comodo\cmdagent.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 004D0E10 .text E:\Programy\Comodo\cmdagent.exe[1416] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004D01F8 .text E:\Programy\Comodo\cmdagent.exe[1416] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004D03FC .text E:\Programy\Comodo\cmdagent.exe[1416] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 004D0600 .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1444] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1444] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1444] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1444] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1444] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1444] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1444] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1508] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00D91950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00D982B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D918D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D91890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00D919B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00D91910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00D91A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00D91970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00D918F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D91930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00D919D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00D91990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D918B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00D91A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D94550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00D981E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00D919F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D91B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D91D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00D91AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D91AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D91D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D91A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D91A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D91A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D91D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00D91CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00D91D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D91B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00D91C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00D91C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 00D91B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [57, 84] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00D91BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00D91B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00D91B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00D91CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00D91CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00D91C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00D91BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00D91C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00D91C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00D91BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D91D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00D91AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 00D91480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 00D91640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00821014 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00820804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00820A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00820C0C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00820E10 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00D91000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00D91250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00820600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 00D91E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 00D91E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00830804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 10665EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 10665E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 10454822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00830A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00830600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008301F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008303FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00D97E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10454DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 00D91E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 00D91DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 00D91DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 00D91DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 00D97BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 00D97D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1560] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1792] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1792] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1792] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1792] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1792] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1792] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1792] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1808] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1864] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1864] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1864] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1924] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\spoolsv.exe[1924] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[1924] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[1924] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[1924] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[1924] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[1924] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[1924] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[1924] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[1924] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[1924] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\spoolsv.exe[1924] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1924] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 100022D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0145C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0168E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0168E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0168E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00B51014 .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00B50804 .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00B50A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00B50C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00B50E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[2300] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00B50600 .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2536] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[2536] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[2536] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\alg.exe[2536] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[2536] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[2536] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\System32\alg.exe[2536] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\alg.exe[2536] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\alg.exe[2536] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\System32\alg.exe[2536] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\System32\alg.exe[2536] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\alg.exe[2536] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2536] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2728] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[3164] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[3164] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10006EF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[3164] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10006F90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[3164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[3164] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[3164] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[3164] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[3164] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[3164] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[3164] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\Explorer.EXE[3164] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\Explorer.EXE[3164] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\Explorer.EXE[3164] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\Explorer.EXE[3164] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\Explorer.EXE[3164] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[3164] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[3164] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\Explorer.EXE[3164] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\Explorer.EXE[3164] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\Explorer.EXE[3164] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\Explorer.EXE[3164] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\Explorer.EXE[3164] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\Explorer.EXE[3164] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\Explorer.EXE[3164] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[3164] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[3164] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3184] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[3184] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ole32.dll!CoCreateInstanceEx 774EF164 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] ole32.dll!CoGetClassObject 77505205 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\RUNDLL32.EXE[3372] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Programy\Comodo\cfp.exe[4048] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0050E060 E:\Programy\Comodo\cfp.exe (COMODO Internet Security/COMODO) .text E:\Programy\Comodo\cfp.exe[4048] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text E:\Programy\Comodo\cfp.exe[4048] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text E:\Programy\Comodo\cfp.exe[4048] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text E:\Programy\Comodo\cfp.exe[4048] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text E:\Programy\Comodo\cfp.exe[4048] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text E:\Programy\Comodo\cfp.exe[4048] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text E:\Programy\Comodo\cfp.exe[4048] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text E:\Programy\Comodo\cfp.exe[4048] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text E:\Programy\Comodo\cfp.exe[4048] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text E:\Programy\Comodo\cfp.exe[4048] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text E:\Programy\Comodo\cfp.exe[4048] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text E:\Programy\Comodo\cfp.exe[4048] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text E:\Programy\Comodo\cfp.exe[4048] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text E:\Programy\Comodo\cfp.exe[4048] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text E:\Programy\Comodo\cfp.exe[4048] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text E:\Programy\Comodo\cfp.exe[4048] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text E:\Programy\Comodo\cfp.exe[4048] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisCloseAdapter] [B9E0E6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisOpenAdapter] [B9E0E7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E0E780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisRegisterProtocol] [B9E0E740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9E0E6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9E0E7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E0E780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9E0E740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9E0E740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9E0E7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9E0E6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E0E780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E0E780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9E0E740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9E0E7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9E0E6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9E0E740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9E0E780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9E0E6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9E0E7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9E0E6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9E0E7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9E0E740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E0E780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9E0E740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9E0E7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9E0E6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\WINDOWS\system32\services.exe[1016] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00660002 IAT C:\WINDOWS\system32\services.exe[1016] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00660000 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1864] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Files - GMER 1.0.15 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-602162358-838170752-839522115-1003 0 bytes File C:\avast! sandbox\S-1-5-21-602162358-838170752-839522115-1003\webStorage 0 bytes File C:\avast! sandbox\S-1-5-21-602162358-838170752-839522115-1003\webStorage\C 0 bytes File C:\avast! sandbox\S-1-5-21-602162358-838170752-839522115-1003\webStorage\C\32788R22FWJFW 0 bytes File C:\avast! sandbox\S-1-5-21-602162358-838170752-839522115-1003\webStorage\C\32788R22FWJFW\iexplore.exe 60416 bytes executable File C:\avast! sandbox\S-1-5-21-602162358-838170752-839522115-1003\webStorage\C\32788R22FWJFW\License 0 bytes File C:\avast! sandbox\S-1-5-21-602162358-838170752-839522115-1003\webStorage\C\32788R22FWJFW\License\iexplore.exe 256000 bytes executable File C:\avast! sandbox\S-1-5-21-602162358-838170752-839522115-1003\webStorage\C\WINDOWS 0 bytes File C:\avast! sandbox\S-1-5-21-602162358-838170752-839522115-1003\webStorage\C\WINDOWS\Prefetch 0 bytes File C:\avast! sandbox\S-1-5-21-602162358-838170752-839522115-1003\webStorage\C\WINDOWS\Prefetch\IEXPLORE.EXE-0A31FE70.pf 15626 bytes File C:\avast! sandbox\S-1-5-21-602162358-838170752-839522115-1003\webStorage\snx_fs.dat 888 bytes File C:\avast! sandbox\snx_rhive 5505024 bytes File C:\avast! sandbox\snx_rhive.LOG 1024 bytes ---- EOF - GMER 1.0.15 ----