GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-06 21:23:19
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1600BEVE-11UYT0 rev.01.04A01
Running: zekdwxj5.exe; Driver: C:\WINDOWS.0\TEMP\awaoyfoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAA7917B6]
SSDT \??\C:\WINDOWS.0\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xF6C15B30]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xAA790D66]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAA79141C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xAA79202A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xAA790C42]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xAA7940E8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xAA79446E]
SSDT \??\C:\WINDOWS.0\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xF6C156F0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xAA7919A2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xAA791BA2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xAA790434]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xAA792768]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xAA7929BE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xAA793AF8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xAA790FFE]
SSDT \??\C:\WINDOWS.0\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xF6C15470]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xAA7915F8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xAA79201A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xAA790062]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xAA7912A2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xAA790266]
SSDT \??\C:\WINDOWS.0\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xF6C15C50]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xAA792BCC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xAA793020]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xAA792DDE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xAA792580]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xAA793590]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xAA793844]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xAA791DF2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xAA793DF0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xAA7922F8]
SSDT \??\C:\WINDOWS.0\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xF6C15990]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xAA79118E]
SSDT \??\C:\WINDOWS.0\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xF6C158D0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xAA790832]
SSDT \??\C:\WINDOWS.0\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xF6C15D60]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 242C 80501C54 4 Bytes CALL DAFA9599
init C:\WINDOWS.0\system32\drivers\tifm21.sys entry point in "init" section [0xF6EFFDBF]
.text tcpip.sys!IPTransmit + 10FC AA6C0D3A 6 Bytes CALL F7307FB0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 2A52 AA6C2690 6 Bytes CALL F7307FB0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPRegisterProtocol + 8A7 AA6D8480 6 Bytes CALL F7307FB0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys F773C3FD 4 Bytes CALL F7308100 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys F773C402 2 Bytes [90, 90] {NOP ; NOP }
? C:\ComboFix\catchme.sys System nie może odnaleźć określonej ścieżki. !
? C:\WINDOWS.0\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 00AECE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 00ADCD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 00AECDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 00AECE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 00AECE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 00AECE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 00AEC490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 00AECDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 00AECDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00AEC440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 00AECD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 00AECD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00AECE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 00AEC4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AEA630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00ADCE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 00AECD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AECC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AECA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00AECCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AECCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AECA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AE7790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AE8320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00AECD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00AECA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 00AECAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 00AECAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00AECC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 00AECB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00AECBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 00AECCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 00AECBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00AECC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00AECC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 00AECB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 00AECAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 00AECB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00AECBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 00AECB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 00AECB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 00AECC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00AECA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 00AECD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 00AED830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [D1, 88, CC, CC]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 00AE62C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 00AED590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 00AE6BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 00AEDD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 00AEDAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00AEE3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 00AEE840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 00AEE600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 00AEC920 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[204] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 00AEC940 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC]
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\spoolsv.exe[388] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC]
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\SCardSvr.exe[504] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS.0\srntservice.exe[644] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS.0\srntservice.exe[644] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\srntservice.exe[644] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 
1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] kernel32.dll!LoadModule 7C8624BE 5 Bytes 
JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[792] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 
1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] 
kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS.0\system32\services.exe[1000] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\services.exe[1000] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] 
ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS.0\system32\lsass.exe[1012] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS.0\system32\lsass.exe[1012] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\lsass.exe[1012] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!NtAllocateVirtualMemory 
7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] 
kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS.0\system32\svchost.exe[1172] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] 
ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1172] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 
Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text E:\Program Files\Sygate\SPF\smc.exe[1212] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program 
Files\Sygate\SPF\smc.exe[1212] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 1002C980 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Sygate\SPF\smc.exe[1212] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 1002C960 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1240] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1240] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1240] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1240] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1240] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1240] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1240] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1240] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1240] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common 
Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common 
Files\LightScribe\LSSrvc.exe[1624] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1624] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 
Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program 
Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 
1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 
Antivirus\egui.exe[1636] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program 
Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1636] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!NtDeleteFile 7C90D220 5 
Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) 
.text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\AGRSMMSG.exe[1664] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program 
Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] 
kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!MoveFileW 7C821249 5 
Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ADVAPI32.dll!CreateServiceA 77E271E9 7 
Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 1002C980 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\iPlus\iPlusChecker.exe[1676] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 1002C960 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program 
Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] 
kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] user32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] advapi32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] advapi32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] advapi32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] advapi32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] advapi32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] advapi32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] advapi32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] 
shell32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] shell32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] shell32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] shell32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] WS2_32.DLL!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text e:\Program Files\iolo\common\lib\ioloServiceManager.exe[1704] WS2_32.DLL!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes 
JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common 
Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem 
SA\DgIpSvr.exe[1708] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\sagem SA\DgIpSvr.exe[1708] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] 
kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS.0\system32\svchost.exe[1744] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\svchost.exe[1744] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 0093CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 0092CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 0093CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 0093CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 0093CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 0093CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 0093C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 0093CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 0093CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 0093C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] 
ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 0093CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 0093CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 0093CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 0093C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0093A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0092CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 0093CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0093CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0093CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0093CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0093CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0093CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00937790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00938320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 0093CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0093CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 0093CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 0093CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0093CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 0093CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 0093CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 0093CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 0093CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!CopyFileA 7C8286D6 
5 Bytes JMP 0093CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 0093CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 0093CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 0093CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 0093CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 0093CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 0093CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 0093CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 0093CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 0093CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 0093CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0093E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS.0\system32\igfxtray.exe[1776] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 0093D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [B6, 88, CC, CC] {MOV DH, 0x88; INT 3 ; INT 3 } .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 009362C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 0093D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 00936BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 0093DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 0093DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 0093C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 0093C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 0093CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 0093C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 0093E840 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxtray.exe[1776] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 0093E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 0092CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!NtClose 7C90CFD0 3 Bytes JMP 0091CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!NtClose + 4 7C90CFD4 1 Byte [84] .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 0092CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 0092CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 0092CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 0092CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 0092C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 0092CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 0092CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 0092C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 0092CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 0092CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 0092CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 0092C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0092A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes JMP 0091CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!LdrUnloadDll + 4 7C91736F 1 Byte [84] .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 0092CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0092CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0092CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0092CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0092CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0092CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00927790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00928320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 0092CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0092CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 0092CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 0092CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0092CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 0092CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 0092CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 0092CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 0092CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 0092CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 0092CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 0092CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 0092CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 0092CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 0092CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 0092CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 0092CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 0092CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 0092CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 0092CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0092E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 0092D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [B5, 88, CC, CC] {MOV CH, 0x88; INT 3 ; INT 3 } .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 009262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 0092D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 00926BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 0092DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 0092DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 0092E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\hkcmd.exe[1784] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 0092E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] 
kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] 
ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxpers.exe[1796] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!VirtualProtect 7C801AD4 
5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) 
.text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\igfxsrvc.exe[1800] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 
1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!VirtualProtect 7C801AD4 5 
Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ADVAPI32.dll!OpenServiceA 
77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common 
Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes 
JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common 
Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1968] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] advapi32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] advapi32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC]
.text C:\totalcmd\TOTALCMD.EXE[2160] advapi32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] advapi32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] advapi32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] advapi32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] advapi32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\totalcmd\TOTALCMD.EXE[2160] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC]
.text C:\WINDOWS.0\system32\svchost.exe[2212] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\svchost.exe[2212] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC]
.text C:\WINDOWS.0\System32\alg.exe[2476] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\System32\alg.exe[2476] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet
Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 
100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\system32\wbem\wmiprvse.exe[2752] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
G:\combofix\zekdwxj5.exe[2920] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] 
kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 
C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text G:\combofix\zekdwxj5.exe[2920] ADVAPI32.dll!CreateProcessAsUserW 
77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] shell32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] shell32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] shell32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text G:\combofix\zekdwxj5.exe[2920] shell32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common 
Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common 
Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common 
Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common 
Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common 
Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] USER32.dll!EndTask 
7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3492] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC]
.text C:\WINDOWS.0\explorer.exe[3800] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] WININET.dll!InternetConnectA 771B3452 5 Bytes JMP 1002C980 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 1002C960 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 1002C9A0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 1002C9C0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 1002CA00 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS.0\explorer.exe[3800] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 1002C9E0 C:\WINDOWS.0\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7308DF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7308D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F7308C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F7308A40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F7308A40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7308D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7308DF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F7308C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F7308C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F7308A40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7308D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7308DF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F7308A40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F7308C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7308DF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7308D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7308DF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7308D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7308A40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7308C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7308A40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7308D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7308DF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F7308DF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F7308D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F7308C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F7308A40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [F7308D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [F7308A40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [F7308DF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [F7308C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F7308A40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7308C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7308DF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7308D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisRegisterProtocol] [F7308A40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisOpenAdapter] [F7308D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisDeregisterProtocol] [F7308C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisCloseAdapter] [F7308DF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\explorer.exe [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\explorer.exe[3800] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----