GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-06-26 16:31:16 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD600BB-00CAA1 rev.17.07W17 Running: gmer.exe; Driver: C:\DOCUME~1\Dawid\USTAWI~1\Temp\kwpyrfoc.sys ---- System - GMER 1.0.15 ---- SSDT F8C87CD6 ZwCreateKey SSDT F8C87CCC ZwCreateThread SSDT F8C87CDB ZwDeleteKey SSDT F8C87CE5 ZwDeleteValueKey SSDT F8C87CEA ZwLoadKey SSDT F8C87CB8 ZwOpenProcess SSDT F8C87CBD ZwOpenThread SSDT F8C87CF4 ZwReplaceKey SSDT F8C87CEF ZwRestoreKey SSDT F8C87CE0 ZwSetValueKey ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + 1D4 804E2840 4 Bytes [EA, 7C, C8, F8] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[144] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00647E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0063CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00647E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00647ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00647EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00647E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 006474E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00647E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00647DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00647490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00647DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00647DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00647E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00647530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00645680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0063CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00647D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00647CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00647A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00647D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00647D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00647AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006426F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00643280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00647D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00647AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00647B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00647AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00647CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00647B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00647BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 00647CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00647C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00647C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00647C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00647B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00647B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00647BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00647C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00647B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00647BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00647C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 00647A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!WinExec + 3 7C862510 2 Bytes [DE, 83] .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00647D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00641220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00641B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0064DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0064E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[472] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0064E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\Explorer.EXE[512] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 100279D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 100279B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[512] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[632] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[668] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 009A7E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0099CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009A7E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009A7ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 009A7EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 009A7E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 009A74E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 009A7E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 009A7DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A7490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 009A7DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 009A7DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A7E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 009A7530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009A5680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0099CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 009A7D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009A7CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009A7A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 009A7D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009A7D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009A7AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009A26F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009A3280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009A7D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009A7AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 009A7B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 009A7AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009A7CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 009A7B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 009A7BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 009A7CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 009A7C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 009A7C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009A7C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 009A7B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 009A7B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 009A7BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 009A7C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 009A7B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 009A7BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 009A7C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 009A7A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!WinExec + 3 7C862510 2 Bytes [14, 84] {ADC AL, 0x84} .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 009A7D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 009A1220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 009A1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 009ADFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 009A79F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 009A7A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 009A7A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 009A7A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 009A7970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 009A7990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 009AE420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[696] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 009AE1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[916] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 100279D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 100279B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[932] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[956] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10028AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 10028870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[980] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[992] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1240] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1316] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005166A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1316] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0052E5C0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1408] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1588] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1680] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1776] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\System32\svchost.exe[2032] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2032] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\System32\alg.exe[2220] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2220] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\WINDOWS\system32\wscntfy.exe[2984] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wscntfy.exe[2984] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Dawid\Pulpit\gmer.exe[3068] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95} .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] wininet.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 100279D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] wininet.dll!InternetConnectW 3FD0F862 5 Bytes JMP 100279B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[3724] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F838C750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F838C820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F838C7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F838C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F838C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F838C820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F838C750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F838C7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F838C7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F838C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F838C820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F838C750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F838C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F838C7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F838C750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F838C820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F838C750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F838C820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F838C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F838C7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F838C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F838C820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F838C750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F838C7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F838C7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F838C750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F838C820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat 0 bytes File C:\WINDOWS\Microsoft.NET\ngenservice_pri3_lock.dat 0 bytes ---- EOF - GMER 1.0.15 ----