GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-03-19 13:26:08 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HTS541010G9AT00 rev.MBZOA60A Running: fl86cvzc.exe; Driver: C:\Users\BROWAR\AppData\Local\Temp\ufryipob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8AE1FC14] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8AE211C4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8AE1FE00] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8AE1EF40] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8AE1F87A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8AE1EE1C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8AE1F626] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8AE20E54] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8AE1E808] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8AE1FF10] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8AE20864] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8AE1F208] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8AE1FA56] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8AE1F4AC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8AE202FC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8AE205B0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8AE20B5C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8AE1F172] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8AE1F398] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8AE1EC1E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8AE1EA0C] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 81849589 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8186E092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 220 81875830 4 Bytes [14, FC, E1, 8A] {ADC AL, 0xfc; LOOPZ 0xffffffffffffff8e} .text ntkrnlpa.exe!RtlSidHashLookup + 248 81875858 8 Bytes [C4, 11, E2, 8A, 00, FE, E1, ...] {LES EDX, DWORD [ECX]; LOOP 0xffffffffffffff8e; ADD DH, BH; LOOPZ 0xffffffffffffff92} .text ntkrnlpa.exe!RtlSidHashLookup + 2DC 818758EC 4 Bytes [40, EF, E1, 8A] {INC EAX; OUT DX, EAX; LOOPZ 0xffffffffffffff8e} .text ntkrnlpa.exe!RtlSidHashLookup + 2F8 81875908 4 Bytes [7A, F8, E1, 8A] {JP 0xfffffffffffffffa; LOOPZ 0xffffffffffffff8e} .text ntkrnlpa.exe!RtlSidHashLookup + 324 81875934 4 Bytes [1C, EE, E1, 8A] {SBB AL, 0xee; LOOPZ 0xffffffffffffff8e} .text ... .text ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 .text ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 .text kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 .text kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 .text kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 .text kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 .text kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 .text kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 .text kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 .text kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 .text kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 .text kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 .text kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 .text kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 .text kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 .text kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 .text kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 .text kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 .text kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 .text kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 .text kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 .text kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 .text kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 .text kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 .text kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 .text kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 .text kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 .text kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 .text kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 .text kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 .text shell32.dll!ShellExecuteW 761D4250 5 Bytes JMP 1002C9E0 .text shell32.dll!ShellExecuteExW 761E1BCC 5 Bytes JMP 1002C9A0 .text shell32.dll!ShellExecuteEx 76409B12 5 Bytes JMP 1002C9C0 .text shell32.dll!ShellExecuteA 76409BAD 5 Bytes JMP 1002CA00 .text advapi32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 .text sechost.dll!CreateServiceA 7610567C 7 Bytes JMP 1002DD80 .text sechost.dll!CreateServiceW 7610589F 7 Bytes JMP 1002DAA0 .text sechost.dll!OpenServiceW 7610714B 7 Bytes JMP 1002D830 .text sechost.dll!OpenServiceA 76107245 7 Bytes JMP 1002D590 .text user32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\igfxsrvc.exe[308] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\wininit.exe[424] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] WS2_32.dll!WSASocketW 75C03D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\wininit.exe[424] WS2_32.dll!WSASocketA 75C0B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\services.exe[516] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] WS2_32.dll!WSASocketW 75C03D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] WS2_32.dll!WSASocketA 75C0B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] WS2_32.dll!WSASocketW 75C03D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] WS2_32.dll!WSASocketA 75C0B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] SHELL32.dll!ShellExecuteW 761D4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] SHELL32.dll!ShellExecuteExW 761E1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] SHELL32.dll!ShellExecuteEx 76409B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] SHELL32.dll!ShellExecuteA 76409BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[536] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\lsm.exe[540] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[540] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[660] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[660] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] WS2_32.dll!WSASocketW 75C03D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] WS2_32.dll!WSASocketA 75C0B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[788] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 0050ED30 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[788] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 005266C0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[912] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] WS2_32.dll!WSASocketW 75C03D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] WS2_32.dll!WSASocketA 75C0B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] shell32.dll!ShellExecuteW 761D4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] shell32.dll!ShellExecuteExW 761E1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] shell32.dll!ShellExecuteEx 76409B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[988] shell32.dll!ShellExecuteA 76409BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[1032] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] WS2_32.dll!WSASocketW 75C03D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1076] WS2_32.dll!WSASocketA 75C0B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] WS2_32.dll!WSASocketW 75C03D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1236] WS2_32.dll!WSASocketA 75C0B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\DRIVERS\xaudio.exe[1340] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1584] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\Dwm.exe[1612] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] SHELL32.dll!ShellExecuteW 761D4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] SHELL32.dll!ShellExecuteExW 761E1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] SHELL32.dll!ShellExecuteEx 76409B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] SHELL32.dll!ShellExecuteA 76409BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\Explorer.EXE[1624] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\conhost.exe[1640] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] SHELL32.dll!ShellExecuteW 761D4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] SHELL32.dll!ShellExecuteExW 761E1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] SHELL32.dll!ShellExecuteEx 76409B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1672] SHELL32.dll!ShellExecuteA 76409BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1708] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[1860] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] SHELL32.dll!ShellExecuteW 761D4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] SHELL32.dll!ShellExecuteExW 761E1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] SHELL32.dll!ShellExecuteEx 76409B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] SHELL32.dll!ShellExecuteA 76409BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1872] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 0026CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!NtClose 77654770 5 Bytes JMP 0025CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 0026CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 0026CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 0026CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 0026CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 0026C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 0026CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 0026CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 0026C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 0026CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 0026CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 0026CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 0026C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 0025CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 0026CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 0026A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 00267790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 00268320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 0026CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 002662C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 0026CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 0026CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 0026CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 0026CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 0026CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 0026CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 0026CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 0026CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 0026CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 0026CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 0026CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 0026CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 0026CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 0026CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 0026CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 0026CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 0026CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 0026CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 0026CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 0026CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 0026CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 0026CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 0026CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 0026CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 0026E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 00266BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 0026E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 0026E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] SHELL32.dll!ShellExecuteW 761D4250 5 Bytes JMP 0026C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] SHELL32.dll!ShellExecuteExW 761E1BCC 5 Bytes JMP 0026C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] SHELL32.dll!ShellExecuteEx 76409B12 5 Bytes JMP 0026C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\hkcmd.exe[1936] SHELL32.dll!ShellExecuteA 76409BAD 5 Bytes JMP 0026CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] SHELL32.dll!ShellExecuteW 761D4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] SHELL32.dll!ShellExecuteExW 761E1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] SHELL32.dll!ShellExecuteEx 76409B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\igfxpers.exe[1976] SHELL32.dll!ShellExecuteA 76409BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] WS2_32.dll!WSASocketW 75C03D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2288] WS2_32.dll!WSASocketA 75C0B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2740] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\AUDIODG.EXE[3312] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] shell32.dll!ShellExecuteW 761D4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] shell32.dll!ShellExecuteExW 761E1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] shell32.dll!ShellExecuteEx 76409B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text D:\PROGRAMY\GMER\fl86cvzc.exe[3484] shell32.dll!ShellExecuteA 76409BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!NtAllocateVirtualMemory 77654580 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!NtClose 77654770 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!NtCreateFile 77654870 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!NtCreateProcess 77654940 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!NtCreateProcessEx 77654950 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!NtDeleteFile 77654AB0 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!NtFreeVirtualMemory 77654C80 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!NtLoadDriver 77654E00 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!NtOpenFile 77654F80 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!NtProtectVirtualMemory 776551C0 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!NtUnloadDriver 77655C00 1 Byte [E9] .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!NtUnloadDriver 77655C00 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!NtWriteVirtualMemory 77655D40 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!KiUserExceptionDispatcher 77656298 5 Bytes JMP 1002C750 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!RtlAllocateHeap 776620B5 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!LdrUnloadDll 7766BEAF 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!LdrGetProcedureAddress 7766EE57 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!CreateProcessW 76F3202D 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!CreateProcessA 76F32062 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!OpenFile 76F6410F 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!CreateProcessAsUserW 76F679B4 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!CopyFileW 76F68C8F 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!MoveFileW 76F6A173 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!CopyFileExW 76F707BB 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!VirtualProtect 76F750AB 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!DeleteFileW 76F7656B 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!DeleteFileA 76F78BB6 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!LoadLibraryExW 76F7B6BF 5 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!LoadLibraryExA 76F7BC8B 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!MoveFileWithProgressW 76F7BF04 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!MoveFileExW 76F7BF28 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!CreateFileW 76F80B7D 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!GetProcAddress 76F81857 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!GetModuleHandleW 76F819C1 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!LoadLibraryA 76F82884 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!LoadLibraryW 76F828D2 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!GetModuleHandleA 76F828F7 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!CreateFileA 76F8291C 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!MoveFileExA 76F93013 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!MoveFileWithProgressA 76F93033 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!CopyFileA 76F97D1C 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!MoveFileA 76FBAD89 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!CopyFileExA 76FBBBE1 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!WinExec 76FBE76D 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] kernel32.dll!LoadModule 76FBEC86 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ADVAPI32.dll!CreateProcessAsUserA 761614FD 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] WS2_32.dll!WSASocketW 75C03D1B 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] WS2_32.dll!WSASocketA 75C0B7FC 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] USER32.dll!EndTask 75C8FD8E 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] SHELL32.dll!ShellExecuteW 761D4250 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] SHELL32.dll!ShellExecuteExW 761E1BCC 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] SHELL32.dll!ShellExecuteEx 76409B12 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] SHELL32.dll!ShellExecuteA 76409BAD 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ole32.dll!CoGetClassObject 772EA394 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ole32.dll!CoCreateInstanceEx 7730594F 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----