GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-02-23 13:40:18 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 SAMSUNG_ rev.VT10 Running: mbccyrxz.exe; Driver: C:\Temp\pxtdqpow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xACC7180A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xACC70D8A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xACC71470] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xACC7207E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xACC70C66] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xACC7413C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xACC744C2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xACC70652] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xACC719F6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xACC71BF6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xACC70458] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xACC727BC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xACC72A12] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xACC73B4C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xACC71052] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xACC7164C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xACC7206E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xACC70086] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xACC712F6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xACC7028A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xACC72C20] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xACC73074] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xACC72E32] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xACC725D4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xACC735E4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xACC73898] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xACC71E46] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xACC73E44] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xACC7234C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xACC70FBC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xACC711E2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xACC70A68] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xACC70856] ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5D493A0, 0x5FDF82, 0xE8000020] ? C:\Temp\ALSysIO.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[432] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[432] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0069CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0068CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0069CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0069CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0069CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0069CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0069C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0069CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0069CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0069C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0069CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0069CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0069CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0069C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0069A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0068CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0069CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0069CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0069CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0069CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0069CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0069CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00697790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00698320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0069CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0069CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0069CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0069CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0069CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0069CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0069CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0069CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0069CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0069CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0069CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0069CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0069CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0069CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0069CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0069CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0069CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0069CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0069CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0069CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0069D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [8C, 88, CC, CC] .text C:\Program Files\Prio\prio_svc.exe[512] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 3 Bytes JMP 006962C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ADVAPI32.dll!CreateProcessAsUserW + 4 77DDA8AD 1 Byte [88] .text C:\Program Files\Prio\prio_svc.exe[512] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0069D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00696BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0069DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0069DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[512] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0069E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\System32\alg.exe[580] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 0062C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 0062C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[580] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[864] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 0062C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 0062C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[876] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text D:\fixitpc\mbccyrxz.exe[956] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\mbccyrxz.exe[956] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1088] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1120] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0050ED30 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1120] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005266C0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1156] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1484] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 008BCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 008ACD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 008BCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008BCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 008BCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 008BCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 008BC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 008BCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 008BCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008BC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 008BCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 008BCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 008BCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 008BC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008BA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 008ACE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 008BCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008BCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008BCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 008BCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008BCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008BCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008B7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008B8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008BCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008BCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 008BCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 008BCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008BCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 008BCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 008BCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 008BCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 008BCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 008BCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 008BCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 008BCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 008BCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 008BCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 008BCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 008BCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 008BCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 008BCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008BCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 008BCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 008BD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [AE, 88, CC, CC] {SCASB ; MOV AH, CL; INT 3 } .text C:\WINDOWS\notepad.exe[1496] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 008B62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 008BD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 008B6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 008BDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 008BDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 008BE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 008BC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 008BC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 008BCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 008BC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 008BE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\notepad.exe[1496] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 008BE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0039CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0038CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0039CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0039CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0039CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0039CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0039C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0039CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0039CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0039C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0039CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0039CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0039CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0039C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0039A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0038CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0039CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0039CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0039CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0039CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0039CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00397790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00398320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0039CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0039CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0039CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0039CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0039CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0039CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0039CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0039CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0039CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0039CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0039CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0039CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0039CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0039CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0039CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0039CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0039CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0039CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0039CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0039D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [5C, 88, CC, CC] {POP ESP; MOV AH, CL; INT 3 } .text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 003962C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0039D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00396BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0039DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0039DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0039E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0039E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0039E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 0039C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 0039C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0039C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0039C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0039CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1756] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0039C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1936] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00744760 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0093CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0092CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0093CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0093CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0093CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0093CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0093C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0093CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0093CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0093C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0093CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0093CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0093C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0093A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0092CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0093CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0093CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0093CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0093CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0093CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0093CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00937790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00938320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0093CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0093CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0093CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0093CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0093CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0093CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0093CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0093CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0093CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0093CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0093CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0093CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0093CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0093CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0093CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0093CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0093CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0093CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0093CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0093CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] user32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0093E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0093D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [B6, 88, CC, CC] {MOV DH, 0x88; INT 3 ; INT 3 } .text C:\Program Files\MultiRes\MultiRes.exe[1964] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 009362C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0093D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00936BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0093DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0093DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0093E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0093E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0093C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0093C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0093CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[1964] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0093C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\System32\svchost.exe[2244] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2244] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00BDCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00BCCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BDCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BDCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BDCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00BDCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00BDC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00BDCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00BDCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BDC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00BDCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00BDCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BDCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00BDC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00BDA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00BCCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00BDCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BDCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BDCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00BDCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BDCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BDCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BDCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BDCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00BDCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00BDCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BDCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00BDCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00BDCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 00BDCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00BDCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00BDCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00BDCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00BDCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00BDCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00BDCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00BDCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00BDCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00BDCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00BDCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BDCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00BDCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 00BDD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [E0, 88, CC, CC] {LOOPNZ 0xffffffffffffff8a; INT 3 ; INT 3 } .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00BD62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 00BDD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00BD6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 00BDDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 00BDDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00BDE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 00BDC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 00BDC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 00BDCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 00BDC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 00BDE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 00BDE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] WS2_32.dll!WSASocketW 71A5404E 3 Bytes JMP 00BDC920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] WS2_32.dll!WSASocketW + 4 71A54052 3 Bytes [8F, CC, CC] .text C:\Documents and Settings\Q3A\Dane aplikacji\uTorrent\uTorrent.exe[3428] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 00BDC940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Ip prio.sys (Prio Network Activity Driver/Xeno) AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp prio.sys (Prio Network Activity Driver/Xeno) AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp prio.sys (Prio Network Activity Driver/Xeno) AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp prio.sys (Prio Network Activity Driver/Xeno) AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x4C 0xA6 0xB5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x4C 0xA6 0xB5 ... ---- EOF - GMER 1.0.15 ----