GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-03-01 20:30:02 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM080JI rev.YC100-02 Running: 6llpm4x2.exe; Driver: C:\DOCUME~1\Kuba\USTAWI~1\Temp\uwtdapow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAA79180A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xAA790D8A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAA791470] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xAA79207E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xAA790C66] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xAA79413C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xAA7944C2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xAA790652] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xAA7919F6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xAA791BF6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xAA790458] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xAA7927BC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xAA792A12] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xAA793B4C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xAA791052] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xAA79164C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xAA79206E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xAA790086] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xAA7912F6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xAA79028A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xAA792C20] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xAA793074] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xAA792E32] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xAA7925D4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xAA7935E4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xAA793898] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xAA791E46] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xAA793E44] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xAA79234C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xAA790FBC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xAA7911E2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xAA790A68] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xAA790856] INT 0x62 ? 82375BF8 INT 0x82 ? 82375BF8 INT 0x83 ? 8215ABF8 INT 0x84 ? 8215ABF8 INT 0x94 ? 8215ABF8 INT 0xA4 ? 8215ABF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spum.sys Nie można odnaleźć określonego pliku. ! .text USBPORT.SYS!DllUnload F7C2862C 5 Bytes JMP 8215A1D8 init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF78EB23F] init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF77CE900] ---- User code sections - GMER 1.0.15 ---- .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] shell32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] shell32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] shell32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Kuba\Pulpit\6llpm4x2.exe[492] shell32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\WINDOWS\system32\services.exe[960] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[960] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\WINDOWS\system32\lsass.exe[972] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] WS2_32.dll!WSASocketW 71A539CB 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] WS2_32.dll!WSASocketA 71A58769 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[972] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] WS2_32.dll!WSASocketW 71A539CB 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] WS2_32.dll!WSASocketA 71A58769 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Java\jre6\bin\jqs.exe[1336] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 00ADCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00ACCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00ADCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 00ADCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 00ADCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 00ADCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 00ADC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 00ADCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 00ADCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00ADC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 00ADCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 00ADCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00ADCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 00ADC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00ADA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00ACCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 00ADCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00ADCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00ADCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 00ADCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00ADCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00ADCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AD7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AD8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00ADCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 00ADCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 00ADCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00ADCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 00ADCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 00ADCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 00ADCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00ADCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 00ADCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00ADCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 00ADCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 00ADCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00ADCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00ADCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 00ADCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 00ADCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 00ADCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00ADCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 00ADCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 00AD62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 00AD6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 00ADDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 00ADDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [CB, 88, CC, CC] {RETF ; MOV AH, CL; INT 3 } .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 00ADE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 00ADE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 00ADE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 00ADC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 00ADC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 00ADCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1404] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 00ADC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\WINDOWS\Explorer.EXE[1496] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1496] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\WINDOWS\SOUNDMAN.EXE[1644] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\SOUNDMAN.EXE[1644] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\WINDOWS\AGRSMMSG.exe[1652] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\AGRSMMSG.exe[1652] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 003BCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 003ACD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 003BCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 003BCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 003BCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 003BCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 003BC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 003BCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 003BCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 003BC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 003BCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 003BCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 003BCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 003BC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003BA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 003ACE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 003BCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003BCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 003BCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 003BCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 003BCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003BCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003B7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003B8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 003BCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 003BCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 003BCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 003BCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 003BCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 003BCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 003BCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 003BCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 003BCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 003BCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 003BCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 003BCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 003BCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 003BCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 003BCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 003BCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 003BCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 003BCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 003BCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 003BCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 003BE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 003BD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 003BD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 003B62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 003B6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 003BDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 003BDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [59, 88, CC, CC] {POP ECX; MOV AH, CL; INT 3 } .text C:\Program Files\ltmoh\Ltmoh.exe[1660] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 003BC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 003BC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 003BCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 003BC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 003BE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ltmoh\Ltmoh.exe[1660] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 003BE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1668] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1676] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\LaunchAp.exe[1688] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 003BCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 003ACD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 003BCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 003BCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 003BCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 003BCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 003BC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 003BCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 003BCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 003BC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 003BCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 003BCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 003BCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 003BC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003BA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 003ACE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 003BCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003BCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 003BCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 003BCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 003BCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003BCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003B7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003B8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 003BCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 003BCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 003BCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 003BCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 003BCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 003BCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 003BCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 003BCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 003BCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 003BCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 003BCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 003BCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 003BCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 003BCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 003BCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 003BCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 003BCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 003BCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 003BCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 003BCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 003BE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 003BD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 003BD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 003B62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 003B6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 003BDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 003BDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [59, 88, CC, CC] {POP ECX; MOV AH, CL; INT 3 } .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 003BE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\HotkeyApp.exe[1696] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 003BE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\OSD.exe[1716] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Launch Manager\Wbutton.exe[1736] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\Program Files\Launch Manager\Wbutton.exe[1736] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 003DCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 003CCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 003DCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 003DCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 003DCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 003DCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 003DC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 003DCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 003DCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 003DC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 003DCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 003DCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 003DCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 003DC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003DA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 003CCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 003DCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003DCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 003DCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 003DCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 003DCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003DCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003D7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003D8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 003DCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 003DCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 003DCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 003DCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 003DCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 003DCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 003DCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 003DCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 003DCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 003DCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 003DCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 003DCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 003DCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 003DCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 003DCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 003DCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 003DCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 003DCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 003DCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 003DCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 003DD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 003DD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 003D62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 003D6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 003DDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 003DDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [5B, 88, CC, CC] {POP EBX; MOV AH, CL; INT 3 } .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 003DE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 003DE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 003DE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 003DC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 003DC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 003DCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1748] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 003DC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 00ACCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00ABCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00ACCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 00ACCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 00ACCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 00ACCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 00ACC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 00ACCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 00ACCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00ACC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 00ACCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 00ACCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00ACCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 00ACC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00ACA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00ABCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 00ACCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00ACCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00ACCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 00ACCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00ACCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00ACCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AC7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AC8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00ACCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00ACCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 00ACCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 00ACCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00ACCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 00ACCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 00ACCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 00ACCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00ACCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 00ACCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00ACCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 00ACCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 00ACCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00ACCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00ACCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 00ACCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 00ACCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 00ACCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00ACCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 00ACCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 00ACD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 00ACD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 00AC62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 00AC6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 00ACDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 00ACDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [CA, 88, CC, CC] {RETF 0xcc88; INT 3 } .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 00ACE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 00ACE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 00ACE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 00ACC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 00ACC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 00ACCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1756] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 00ACC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 003DCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 003CCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 003DCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 003DCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 003DCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 003DCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 003DC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 003DCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 003DCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 003DC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 003DCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 003DCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 003DCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 003DC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003DA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 003CCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 003DCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003DCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 003DCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 003DCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 003DCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003DCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003D7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003D8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 003DCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 003DCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 003DCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 003DCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 003DCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 003DCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 003DCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 003DCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 003DCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 003DCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 003DCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 003DCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 003DCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 003DCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 003DCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 003DCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 003DCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 003DCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 003DCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 003DCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 003DE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 003DD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 003DD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 003D62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 003D6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 003DDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 003DDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [5B, 88, CC, CC] {POP EBX; MOV AH, CL; INT 3 } .text C:\WINDOWS\system32\igfxtray.exe[1764] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 003DE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 003DE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 003DC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 003DC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 003DCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\igfxtray.exe[1764] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 003DC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 00744760 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 823785E0 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8454C4C] spum.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8454CA0] spum.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8424040] spum.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F842413C] spum.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84240BE] spum.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84247FC] spum.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84246D2] spum.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8215A2D8 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8434048] spum.sys IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F828B750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F828B820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F828B7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F828B7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F828B7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F828B820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F828B750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F828B7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F828B7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F828B7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F828B820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F828B750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F828B7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F828B750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F828B820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F828B7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F828B750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F828B7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F828B820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F828B7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F828B7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F828B820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F828B750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F828B750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F828B820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F828B7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F828B7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F828B7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F828B7F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F828B750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F828B820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [0058D260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0058C840] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [0058C840] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [0058D260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0058C840] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0058C840] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [0058D260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0058C840] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [0058BFA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [0058D260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0058C840] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [0058C3A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [0058C430] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [0058BF40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [0058C8D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [0058C990] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW] [0058CBD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [0058C260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [0058C300] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [0058CA50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteObject] [0058BFA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [0058CD10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [0058C3A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [0058CA50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [0058BF40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [0058C430] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW] [0058C990] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [0058BFF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!FillRect] [0058CE50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [0058CF20] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge] [0058CED0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [0058CBD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0058C1F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [0058C260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0058C0E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [0058D260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [0058C840] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [0058BFA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0058C840] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [0058CBD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSystemMetrics] [0058CA50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [0058BF40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [0058C260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [0058C990] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [0058C430] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [0058C840] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0058D1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [0058C840] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [0058D260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!GetSystemMetrics] [0058CA50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0058D160] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0058D1A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateThread] [0058C840] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0058D2F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0058D120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1804] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!GetSystemMetrics] [0058CA50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 823741F8 AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \Driver\usbuhci \Device\USBPDO-0 821591F8 Device \Driver\usbuhci \Device\USBPDO-1 821591F8 Device \Driver\usbuhci \Device\USBPDO-2 821591F8 Device \Driver\usbuhci \Device\USBPDO-3 821591F8 Device \Driver\usbehci \Device\USBPDO-4 8212C1F8 AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\Ftdisk \Device\HarddiskVolume1 823E21F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 823E21F8 Device \Driver\Cdrom \Device\CdRom0 81E9A1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 823751F8 Device \Driver\atapi \Device\Ide\IdePort0 823751F8 Device \Driver\atapi \Device\Ide\IdePort1 823751F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 823751F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 823E21F8 Device \Driver\Ftdisk \Device\HarddiskVolume4 823E21F8 Device \Driver\Ftdisk \Device\HarddiskVolume5 823E21F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 820F3500 Device \Driver\NetBT \Device\NetbiosSmb 820F3500 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1963800-0074-4A08-8970-3849105687D7} 820F3500 Device \Driver\NetBT \Device\NetBT_Tcpip_{2E3ED079-5A27-48C3-B71E-BD71873E5E7A} 820F3500 AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\usbuhci \Device\USBFDO-0 821591F8 Device \Driver\usbuhci \Device\USBFDO-1 821591F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82099500 Device \Driver\usbuhci \Device\USBFDO-2 821591F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 82099500 Device \Driver\usbuhci \Device\USBFDO-3 821591F8 Device \Driver\usbehci \Device\USBFDO-4 8212C1F8 Device \Driver\Ftdisk \Device\FtControl 823E21F8 Device \FileSystem\Cdfs \Cdfs 82073500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x44 0xF0 0xE5 0x91 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x44 0xF0 0xE5 0x91 ... ---- Files - GMER 1.0.15 ---- File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes ---- EOF - GMER 1.0.15 ----