GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-09-18 13:13:24 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160815A rev.3.AAC Running: gmer.exe; Driver: C:\DOCUME~1\tom\USTAWI~1\Temp\kfworfod.sys ---- Kernel code sections - GMER 1.0.15 ---- .xreloc C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xF754C000, 0xC5E, 0x40000040] ---- User code sections - GMER 1.0.15 ---- .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\tom\Pulpit\Użytki\gmer.exe[300] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[488] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\winlogon.exe[532] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[532] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[596] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[608] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[760] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[808] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[908] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[988] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1068] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002C750 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 406146A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ole32.dll!CoCreateInstance 774EF1AC 5 Bytes JMP 406ADB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] ole32.dll!OleLoadFromStream 7751981B 5 Bytes JMP 407A569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1100] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\Explorer.EXE[1360] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1360] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002C750 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1600] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\ctfmon.exe[1744] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1744] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002C750 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 406146A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ole32.dll!CoCreateInstance 774EF1AC 5 Bytes JMP 406ADB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] ole32.dll!OleLoadFromStream 7751981B 5 Bytes JMP 407A569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Internet Explorer\iexplore.exe[1756] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F73F2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F73F2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F73F27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F73F27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F73F27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F73F2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F73F2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F73F27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F73F27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F73F27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F73F2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F73F2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F73F27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F73F27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F73F2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F73F2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F73F2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F73F2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F73F27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Internet Explorer\iexplore.exe[1100] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[1756] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider) AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider) ---- EOF - GMER 1.0.15 ----