GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-02-22 15:28:24 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 SAMSUNG_ rev.1AA0 Running: vn7qb45c.exe; Driver: C:\DOCUME~1\marian\USTAWI~1\Temp\aftirkoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xACED37B6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xACED2D66] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xACED341C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xACED402A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xACED2C42] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xACED60E8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xACED646E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xACED262E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xACED39A2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xACED3BA2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xACED2434] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xACED4768] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xACED49BE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xACED5AF8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xACED2FFE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xACED35F8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xACED401A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xACED2062] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xACED32A2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xACED2266] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xACED4BCC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xACED5020] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xACED4DDE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xACED4580] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xACED5590] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xACED5844] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xACED3DF2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xACED5DF0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xACED42F8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xACED2F98] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xACED318E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xACED2A44] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xACED2832] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 4 Bytes CALL CEFD32AD .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9702000, 0x235297, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[140] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[140] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0248CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0247CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0248CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0248CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0248CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0248CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0248C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0248CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0248CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0248C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0248CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0248CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0248CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0248C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0248A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0247CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0248CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0248CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0248CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0248CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0248CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0248CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02487790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02488320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0248CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0248CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0248CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0248CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0248CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0248CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0248CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0248CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0248CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0248CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0248CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0248CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0248CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0248CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0248CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0248CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0248CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0248CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0248CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0248CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 0248C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 0248C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0248D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [6B, 8A, CC, CC] .text C:\Program Files\ipla\ipla.exe[680] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 024862C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0248D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 02486BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0248DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0248DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0248E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0248C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0248C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0248CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0248C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0248E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0248E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] wininet.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 0248C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ipla\ipla.exe[680] wininet.dll!InternetConnectW 3FD0F862 5 Bytes JMP 0248C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[780] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[792] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] KERNEL32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[864] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 028BCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 028ACD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 028BCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 028BCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 028BCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 028BCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 028BC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 028BCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 028BCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 028BC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 028BCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 028BCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 028BCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 028BC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 028BA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 028ACE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 028BCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 028BCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 028BCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 028BCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 028BCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 028BCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 028B7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 028B8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 028BCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 028BCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 028BCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 028BCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 028BCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 028BCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 028BCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 028BCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 028BCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 028BCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 028BCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 028BCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 028BCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 028BCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 028BCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 028BCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 028BCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 028BCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 028BCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 028BCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 028BD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [AE, 8A, CC, CC] {SCASB ; MOV CL, AH; INT 3 } .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 028B62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 028BD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 028B6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 028BDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 028BDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 028BE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 028BE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 028BE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 028BC920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 028BC940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 028BC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 028BC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 028BCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 028BC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 028BC980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\gg.exe[904] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 028BC960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\Ati2evxx.exe[940] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[940] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[972] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1036] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1132] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005017E0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1132] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005181B0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe[1180] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1208] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1284] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1376] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe[1468] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1496] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1516] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1544] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\ctfmon.exe[1584] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1584] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\spoolsv.exe[1652] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1652] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1724] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\System32\svchost.exe[1756] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1756] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] user32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] advapi32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] advapi32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] advapi32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] advapi32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] advapi32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] advapi32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] advapi32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1776] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0071CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0070CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0071CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0071CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0071CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0071CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0071C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0071CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0071CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0071C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0071CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0071CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0071CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0071C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0071A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0070CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0071CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0071CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0071CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0071CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0071CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0071CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00717790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00718320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0071CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0071CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0071CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0071CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0071CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0071CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0071CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0071CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0071CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0071CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0071CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0071CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0071CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0071CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0071CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0071CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0071CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0071CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0071CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0071CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0071D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [94, 88, CC, CC] {XCHG ESP, EAX; MOV AH, CL; INT 3 } .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 007162C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0071D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00716BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0071DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0071DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0071E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0071C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0071C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0071CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0071C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 0071C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe[1780] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 0071C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1804] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\System32\alg.exe[1888] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[1888] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ws2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lxdxcoms.exe[1956] ws2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00B7CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00B6CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B7CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B7CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B7CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00B7CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00B7C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00B7CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00B7CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00B7CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00B7CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B7CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00B7C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B7A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00B6CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00B7CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B7CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B7CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00B7CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B7CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B7CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B77790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B78320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B7CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B7CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00B7CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00B7CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B7CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00B7CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B7CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 00B7CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00B7CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B7CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B7CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00B7CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00B7CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00B7CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B7CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00B7CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00B7CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00B7CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B7CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00B7CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 00B7D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [DA, 88, CC, CC] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00B762C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 00B7D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00B76BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 00B7DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 00B7DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00B7E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 00B7E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 00B7E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 00B7C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2072] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 00B7C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2100] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2112] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\Explorer.EXE[2208] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2208] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\wuauclt.exe[2268] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wuauclt.exe[2268] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[2376] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002C750 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Skype\Phone\Skype.exe[2424] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] wininet.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] wininet.dll!InternetConnectW 3FD0F862 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Skype\Phone\Skype.exe[2424] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Messenger\msmsgs.exe[2432] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Messenger\msmsgs.exe[2432] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] KERNEL32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2584] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\System32\svchost.exe[2844] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2844] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3088] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00A7CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A6CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A7CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A7CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A7CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00A7CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00A7C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00A7CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00A7CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A7C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00A7CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00A7CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A7CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00A7C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A7A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00A6CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00A7CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A7CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A7CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00A7CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A7CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A7CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A77790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A78320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A7CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A7CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00A7CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00A7CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A7CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00A7CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A7CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 00A7CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00A7CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A7CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A7CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00A7CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00A7CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00A7CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A7CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00A7CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00A7CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00A7CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A7CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00A7CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 00A7D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [CA, 88, CC, CC] {RETF 0xcc88; INT 3 } .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00A762C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 00A7D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00A76BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 00A7DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 00A7DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00A7E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 00A7E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 00A7E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 00A7C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe[3116] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 00A7C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\RTHDCPL.EXE[3128] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[3128] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\V0420Mon.exe[3144] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\V0420Mon.exe[3144] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3196] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ws2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[3228] ws2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] KERNEL32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[3276] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] KERNEL32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3300] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 009ECE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 009DCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009ECDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009ECE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 009ECE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 009ECE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 009EC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 009ECDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 009ECDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009EC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 009ECD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 009ECD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009ECE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 009EC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009EA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009DCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 009ECD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009ECC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009ECA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 009ECCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009ECCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009ECA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009E7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009E8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009ECD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009ECA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 009ECAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 009ECAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009ECC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 009ECB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 009ECBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 009ECCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 009ECBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 009ECC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009ECC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 009ECB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 009ECAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 009ECB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 009ECBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 009ECB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 009ECB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 009ECC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009ECA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 009ECD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 009EE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 009ED830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [C1, 88, CC, CC] .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 009E62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 009ED590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 009E6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 009EDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 009EDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 009EC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 009EC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 009ECA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 009EC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 009EE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[3372] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 009EE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\marian\Moje dokumenty\Downloads\vn7qb45c.exe[3412] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3544] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3608] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3616] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00719AB0 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3644] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9E096E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9E097B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E09780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9E09740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9E09740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9E097B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9E096E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E09780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E09780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9E09740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9E097B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9E096E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9E09740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9E09780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9E096E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9E097B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9E096E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9E097B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9E09740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E09780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9E09740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9E097B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9E096E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9E09740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E09780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9E096E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9E097B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) ---- EOF - GMER 1.0.15 ----