GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-03-09 15:56:12 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 SAMSUNG_ rev.VT10 Running: swxexqsg.exe; Driver: C:\Temp\pxtdqpow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB43E480A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB43E3D8A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB43E4470] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB43E507E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB43E3C66] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB43E713C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB43E74C2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB43E3652] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB43E49F6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB43E4BF6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB43E3458] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB43E57BC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB43E5A12] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB43E6B4C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB43E4052] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB43E464C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xB43E506E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB43E3086] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB43E42F6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB43E328A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB43E5C20] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB43E6074] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xB43E5E32] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB43E55D4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB43E65E4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB43E6898] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB43E4E46] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB43E6E44] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB43E534C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB43E3FBC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB43E41E2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB43E3A68] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB43E3856] ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB73B63A0, 0x5FDF82, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0069CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0068CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0069CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0069CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0069CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0069CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0069C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0069CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0069CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0069C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0069CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0069CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0069CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0069C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0069A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0068CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0069CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0069CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0069CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0069CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0069CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0069CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00697790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00698320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0069CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0069CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0069CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0069CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0069CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0069CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0069CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0069CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0069CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0069CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0069CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0069CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0069CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0069CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0069CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0069CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0069CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0069CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0069CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0069CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0069D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [8C, 88, CC, CC] .text C:\Program Files\Prio\prio_svc.exe[136] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 3 Bytes JMP 006962C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ADVAPI32.dll!CreateProcessAsUserW + 4 77DDA8AD 1 Byte [88] .text C:\Program Files\Prio\prio_svc.exe[136] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0069D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00696BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0069DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0069DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Prio\prio_svc.exe[136] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0069E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[576] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00744760 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0093CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0092CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0093CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0093CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0093CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0093CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0093C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0093CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0093CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0093C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0093CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0093CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0093C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0093A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0092CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0093CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0093CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0093CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0093CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0093CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0093CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00937790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00938320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0093CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0093CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0093CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0093CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0093CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0093CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0093CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0093CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0093CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0093CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0093CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0093CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0093CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0093CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0093CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0093CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0093CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0093CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0093CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0093CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] user32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0093E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0093D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [B6, 88, CC, CC] {MOV DH, 0x88; INT 3 ; INT 3 } .text C:\Program Files\MultiRes\MultiRes.exe[652] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 009362C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0093D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00936BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0093DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0093DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0093E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0093E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0093C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0093C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0093CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\MultiRes\MultiRes.exe[652] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0093C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00F7CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00F6CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F7CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F7CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00F7CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00F7CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00F7C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00F7CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00F7CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F7C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00F7CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00F7CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F7CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00F7C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00F7A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00F6CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00F7CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F7CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F7CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00F7CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F7CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F7CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F77790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F78320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F7CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F7CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00F7CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00F7CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F7CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00F7CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00F7CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 00F7CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00F7CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00F7CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00F7CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00F7CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00F7CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00F7CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00F7CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00F7CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00F7CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00F7CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F7CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00F7CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 00F7D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [1A, 89, CC, CC] .text C:\Program Files\K2T\WTW\wtw.exe[656] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00F762C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 00F7D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00F76BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 00F7DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 00F7DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 00F7C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 00F7C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00F7E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 00F7E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 00F7E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 00F7C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 00F7C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 00F7CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 00F7C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 00F7C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[656] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 00F7C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[904] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\System32\alg.exe[908] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 0062C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 0062C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[908] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 0062C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 0062C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[916] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1096] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1144] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1176] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0050ED30 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1176] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005266C0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1212] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1348] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1464] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0039CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0038CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0039CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0039CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0039CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0039CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0039C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0039CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0039CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0039C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0039CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0039CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0039CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0039C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0039A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0038CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0039CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0039CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0039CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0039CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0039CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00397790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00398320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0039CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0039CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0039CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0039CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0039CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0039CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0039CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0039CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0039CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0039CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0039CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0039CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0039CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0039CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0039CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0039CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0039CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0039CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0039CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0039D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [5C, 88, CC, CC] {POP ESP; MOV AH, CL; INT 3 } .text C:\WINDOWS\Explorer.EXE[1896] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 003962C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0039D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00396BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0039DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0039DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0039E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0039E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0039E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 0039C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 0039C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0039C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0039C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0039CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1896] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0039C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0061CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0062C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0062CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0062CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0062CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0062C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0062A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0061CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 0062CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0062CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0062CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0062CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0062CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0062CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00627790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00628320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0062CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0062CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0062CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0062CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0062CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0062CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0062CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0062CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0062CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0062CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0062CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0062CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0062CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0062CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0062CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0062CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0062CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0062CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0062CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0062CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0062D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [85, 88, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0062D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00626BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0062DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0062DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0062E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0062E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0062E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 0062C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 0062C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 0062CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1976] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0062C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text D:\fixitpc\swxexqsg.exe[3064] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\fixitpc\swxexqsg.exe[3064] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE27F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B7DE2750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B7DE2820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Ip prio.sys (Prio Network Activity Driver/Xeno) AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp prio.sys (Prio Network Activity Driver/Xeno) AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp prio.sys (Prio Network Activity Driver/Xeno) AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp prio.sys (Prio Network Activity Driver/Xeno) AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x4C 0xA6 0xB5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x4C 0xA6 0xB5 ... ---- EOF - GMER 1.0.15 ----