GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-02-19 17:51:21 Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000054 ST332062 rev.3.AE Running: ewf6cr7r.exe; Driver: C:\Users\MatiK\AppData\Local\Temp\fxldipod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8D693C14] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8D6951C4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8D693E00] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8D692F40] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8D69387A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8D692E1C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8D693626] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8D694E54] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8D692808] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8D693F10] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8D694864] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8D693208] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8D693A56] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8D6934AC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8D6942FC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8D6945B0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8D694B5C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8D693172] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8D693398] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8D692C1E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8D692A0C] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C8E589 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB3092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 220 82CBA830 4 Bytes [14, 3C, 69, 8D] .text ntkrnlpa.exe!RtlSidHashLookup + 248 82CBA858 8 Bytes [C4, 51, 69, 8D, 00, 3E, 69, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82CBA8EC 4 Bytes [40, 2F, 69, 8D] .text ntkrnlpa.exe!RtlSidHashLookup + 2F8 82CBA908 4 Bytes [7A, 38, 69, 8D] .text ntkrnlpa.exe!RtlSidHashLookup + 324 82CBA934 4 Bytes [1C, 2E, 69, 8D] .text ... .text advapi32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 .text shell32.dll!ShellExecuteW 76084250 5 Bytes JMP 1002C9E0 .text shell32.dll!ShellExecuteExW 76091BCC 5 Bytes JMP 1002C9A0 .text shell32.dll!ShellExecuteEx 762B9B12 5 Bytes JMP 1002C9C0 .text shell32.dll!ShellExecuteA 762B9BAD 5 Bytes JMP 1002CA00 ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] WS2_32.dll!WSASocketW 75593D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[472] WS2_32.dll!WSASocketA 7559B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\services.exe[548] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] WS2_32.dll!WSASocketW 75593D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[548] WS2_32.dll!WSASocketA 7559B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] WS2_32.dll!WSASocketW 75593D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[556] WS2_32.dll!WSASocketA 7559B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[564] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[700] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[700] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[728] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] WS2_32.dll!WSASocketW 75593D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[784] WS2_32.dll!WSASocketA 7559B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programy\Comodo\COMODO\COMODO Internet Security\cmdagent.exe[840] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 0050ED30 C:\Programy\Comodo\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Programy\Comodo\COMODO\COMODO Internet Security\cmdagent.exe[840] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 005266C0 C:\Programy\Comodo\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] WS2_32.dll!WSASocketW 75593D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] WS2_32.dll!WSASocketA 7559B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] shell32.dll!ShellExecuteW 76084250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] shell32.dll!ShellExecuteExW 76091BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] shell32.dll!ShellExecuteEx 762B9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[984] shell32.dll!ShellExecuteA 762B9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1024] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] WS2_32.dll!WSASocketW 75593D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1056] WS2_32.dll!WSASocketA 7559B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] WS2_32.dll!WSASocketW 75593D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wbem\wmiprvse.exe[1164] WS2_32.dll!WSASocketA 7559B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1192] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1468] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] WS2_32.dll!WSASocketW 75593D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1508] WS2_32.dll!WSASocketA 7559B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] shell32.dll!ShellExecuteW 76084250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] shell32.dll!ShellExecuteExW 76091BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] shell32.dll!ShellExecuteEx 762B9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\MatiK\Desktop\ewf6cr7r.exe[1524] shell32.dll!ShellExecuteA 762B9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] WS2_32.dll!WSASocketW 75593D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1540] WS2_32.dll!WSASocketA 7559B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] SHELL32.dll!ShellExecuteW 76084250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] SHELL32.dll!ShellExecuteExW 76091BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] SHELL32.dll!ShellExecuteEx 762B9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] SHELL32.dll!ShellExecuteA 762B9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] WS2_32.dll!WSASocketW 75593D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] WS2_32.dll!WSASocketA 7559B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\PnkBstrA.exe[1692] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\Explorer.EXE[1716] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] SHELL32.dll!ShellExecuteW 76084250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] SHELL32.dll!ShellExecuteExW 76091BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] SHELL32.dll!ShellExecuteEx 762B9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] SHELL32.dll!ShellExecuteA 762B9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1716] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1748] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] WS2_32.dll!WSASocketW 75593D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2028] WS2_32.dll!WSASocketA 7559B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DllHost.exe[2036] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 00744760 C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] WININET.dll!InternetConnectW 76D80452 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] WININET.dll!InternetConnectA 76D8050F 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] SHELL32.dll!ShellExecuteW 76084250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] SHELL32.dll!ShellExecuteExW 76091BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] SHELL32.dll!ShellExecuteEx 762B9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2552] SHELL32.dll!ShellExecuteA 762B9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] SHELL32.dll!ShellExecuteW 76084250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] SHELL32.dll!ShellExecuteExW 76091BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] SHELL32.dll!ShellExecuteEx 762B9B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[2928] SHELL32.dll!ShellExecuteA 762B9BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[3044] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\sppsvc.exe[3292] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\servicing\TrustedInstaller.exe[3344] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] WS2_32.dll!WSASocketW 75593D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4020] WS2_32.dll!WSASocketA 7559B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!NtAllocateVirtualMemory 76EA4580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!NtClose 76EA4770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!NtCreateFile 76EA4870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!NtCreateProcess 76EA4940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!NtCreateProcessEx 76EA4950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!NtDeleteFile 76EA4AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!NtFreeVirtualMemory 76EA4C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!NtLoadDriver 76EA4E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!NtOpenFile 76EA4F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!NtProtectVirtualMemory 76EA51C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!NtSetInformationProcess 76EA5920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!NtUnloadDriver 76EA5C00 1 Byte [E9] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!NtUnloadDriver 76EA5C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!NtWriteVirtualMemory 76EA5D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!RtlAllocateHeap 76EB20B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!LdrUnloadDll 76EBBEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!LdrGetProcedureAddress 76EBEE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ntdll.dll!LdrLoadDll 76EBF5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!CreateProcessW 75DA202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!CreateProcessA 75DA2062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!OpenFile 75DD410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!CreateProcessAsUserW 75DD79B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!CopyFileW 75DD8C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!MoveFileW 75DDA173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!CopyFileExW 75DE07BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!VirtualProtect 75DE50AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!DeleteFileW 75DE656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!DeleteFileA 75DE8BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!LoadLibraryExW 75DEB6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!LoadLibraryExA 75DEBC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!MoveFileWithProgressW 75DEBF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!MoveFileExW 75DEBF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!CreateFileW 75DF0B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!GetProcAddress 75DF1857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!GetModuleHandleW 75DF19C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!LoadLibraryA 75DF2884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!LoadLibraryW 75DF28D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!GetModuleHandleA 75DF28F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!CreateFileA 75DF291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!MoveFileExA 75E03013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!MoveFileWithProgressA 75E03033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!CopyFileA 75E07D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!MoveFileA 75E2AD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!CopyFileExA 75E2BBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!WinExec 75E2E76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] kernel32.dll!LoadModule 75E2EC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ADVAPI32.dll!CreateProcessAsUserA 76D014FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] USER32.dll!EndTask 7561FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ole32.dll!CoGetClassObject 759EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] ole32.dll!CoCreateInstanceEx 75A0594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] WS2_32.dll!WSASocketW 75593D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4036] WS2_32.dll!WSASocketA 7559B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0058C840] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [0058D260] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [0058BFA0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [0058C8D0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [0058C990] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [0058BF40] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [0058C430] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [0058C3A0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [0058CA50] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [0058BFF0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [0058CF20] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawEdge] [0058CED0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0058C1F0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [0058CBD0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [0058CD10] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0058C0E0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [0058C260] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollPos] [0058C050] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [0058BF40] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!RegisterClassW] [0058C990] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [0058CE50] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [0058C430] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [0058CA50] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!DeleteObject] [0058BFA0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\ole32.dll [GDI32.dll!DeleteObject] [0058BFA0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [0058C260] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [0058BF40] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSystemMetrics] [0058CA50] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [0058CBD0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\ole32.dll [USER32.dll!RegisterClassW] [0058C990] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [0058C430] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe[2468] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Programy\Comodo\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000041 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x57 0xF6 0x1A 0x1C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x57 0xF6 0x1A 0x1C ... ---- Files - GMER 1.0.15 ---- File C:\Programy\Comodo\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Programy\Comodo\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes ---- EOF - GMER 1.0.15 ----