GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-02-18 15:23:48 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 SAMSUNG_ rev.VT10 Running: mbccyrxz.exe; Driver: C:\Temp\pxtdqpow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAD2B380A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xAD2B2D8A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAD2B3470] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xAD2B407E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xAD2B2C66] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xAD2B613C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xAD2B64C2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xAD2B2652] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xAD2B39F6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xAD2B3BF6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xAD2B2458] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xAD2B47BC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xAD2B4A12] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xAD2B5B4C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xAD2B3052] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xAD2B364C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xAD2B406E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xAD2B2086] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xAD2B32F6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xAD2B228A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xAD2B4C20] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xAD2B5074] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xAD2B4E32] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xAD2B45D4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xAD2B55E4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xAD2B5898] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xAD2B3E46] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xAD2B5E44] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xAD2B434C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xAD2B2FBC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xAD2B31E2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xAD2B2A68] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xAD2B2856] ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5EA43A0, 0x5FDF82, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[456] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0069CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0068CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0069CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0069CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0069CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0069CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0069C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0069CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0069CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0069C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0069CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0069CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0069CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0069C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0069A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0068CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0069CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0069CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0069CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0069CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0069CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0069CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00697790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00698320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0069CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0069CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0069CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0069CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0069CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0069CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0069CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0069CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0069CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0069CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0069CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0069CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0069CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0069CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0069CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0069CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0069CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0069CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0069CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0069CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0069D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [8C, 88, CC, CC] .text C:\Program Files\Prio\prio_svc.exe[592] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 3 Bytes JMP 006962C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ADVAPI32.dll!CreateProcessAsUserW + 4 77DDA8AD 1 Byte [88] .text C:\Program Files\Prio\prio_svc.exe[592] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0069D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00696BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0069DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0069DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[592] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0069E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 0062C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 0062C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\System32\alg.exe[984] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 0062C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 0062C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[984] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 006BCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 006ACD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006BCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006BCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 006BCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 006BCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 006BC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 006BCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 006BCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006BC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 006BCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 006BCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006BCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 006BC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 006BA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 006ACE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 006BCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006BCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006BCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 006BCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006BCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006BCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006B7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006B8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006BCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006BCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 006BCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 006BCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006BCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 006BCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 006BCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 006BCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 006BCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 006BCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 006BCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 006BCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 006BCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 006BCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 006BCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 006BCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 006BCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 006BCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006BCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 006BCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 006BD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [8E, 88, CC, CC] .text C:\WINDOWS\system32\nvsvc32.exe[1040] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006B62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 006BD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 3 Bytes JMP 006B6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ADVAPI32.dll!CreateProcessAsUserA + 4 77E00CEC 1 Byte [88] .text C:\WINDOWS\system32\nvsvc32.exe[1040] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 006BDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 006BDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\nvsvc32.exe[1040] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 006BE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1072] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1124] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1156] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0050ED30 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1156] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005266C0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1192] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1488] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0039CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0038CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0039CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0039CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0039CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0039CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0039C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0039CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0039CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0039C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0039CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0039CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0039CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0039C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0039A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0038CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0039CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0039CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0039CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0039CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0039CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00397790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00398320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0039CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0039CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0039CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0039CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0039CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0039CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0039CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0039CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0039CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0039CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0039CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0039CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0039CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0039CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0039CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0039CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0039CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0039CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0039CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0039D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [5C, 88, CC, CC] {POP ESP; MOV AH, CL; INT 3 } .text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 003962C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0039D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00396BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0039DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0039DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0039E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0039E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0039E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 0039C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 0039C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0039C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0039C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0039CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1732] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0039C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1840] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00744760 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0093CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0092CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0093CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0093CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0093CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0093CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0093C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0093CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0093CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0093C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0093CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0093CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0093C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0093A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0092CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0093CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0093CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0093CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0093CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0093CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0093CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00937790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00938320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0093CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0093CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0093CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0093CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0093CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0093CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0093CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0093CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0093CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0093CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0093CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0093CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0093CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0093CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0093CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0093CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0093CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0093CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0093CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0093CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] user32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0093E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0093D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [B6, 88, CC, CC] {MOV DH, 0x88; INT 3 ; INT 3 } .text C:\Program Files\MultiRes\MultiRes.exe[1888] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 009362C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0093D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00936BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0093DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0093DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0093E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0093E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0093C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0093C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0093CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1888] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0093C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\System32\svchost.exe[2540] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2540] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text D:\fixitpc\mbccyrxz.exe[3836] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[3836] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Ip prio.sys (Prio Network Activity Driver/Xeno) AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp prio.sys (Prio Network Activity Driver/Xeno) AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp prio.sys (Prio Network Activity Driver/Xeno) AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp prio.sys (Prio Network Activity Driver/Xeno) AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x4C 0xA6 0xB5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x4C 0xA6 0xB5 ... ---- EOF - GMER 1.0.15 ----