GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-05-07 11:36:29
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-00FRA0 rev.77.07W77
Running: gmer.exe; Driver: C:\DOCUME~1\UKASZ~1\USTAWI~1\Temp\uxtdqpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB6F6280A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB6F61D8A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB6F62470]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB6F6307E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB6F61C66]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB6F6513C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB6F654C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB6F61652]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB6F629F6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB6F62BF6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB6F61458]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB6F637BC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB6F63A12]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB6F64B4C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB6F62052]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB6F6264C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xB6F6306E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB6F61086]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB6F622F6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB6F6128A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB6F63C20]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB6F64074]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xB6F63E32]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB6F635D4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB6F645E4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB6F64898]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB6F62E46]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB6F64E44]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB6F6334C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB6F61FBC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB6F621E2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB6F61A68]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB6F61856]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[176] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 00744760 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC]
.text C:\WINDOWS\System32\svchost.exe[576] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[576] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC]
.text C:\WINDOWS\System32\svchost.exe[596] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[596] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC]
.text C:\WINDOWS\system32\svchost.exe[656] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[656] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!GetModuleHandleA 7C80B529
5 Bytes JMP 1002CAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!MoveFileW 7C839659 5 
Bytes JMP 1002CBA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!CreateServiceW + 3 
77E2720C 4 Bytes [20, 98, CC, CC] .text C:\WINDOWS\system32\services.exe[880] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[880] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] 
kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\WINDOWS\system32\lsass.exe[892] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!WSASocketW 71A539CB 7 Bytes JMP 1002C920 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!WSASocketA 71A58769 5 Bytes JMP 1002C940 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[892] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1044] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1208] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 0050AEF0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1208] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 005227C0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) 
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 00F1CE00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00F0CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00F1CDC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 00F1CE80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 00F1CE60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 00F1CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 00F1C490 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 00F1CDE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 00F1CDA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00F1C440 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 00F1CD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 00F1CD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00F1CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 00F1C4E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00F1A630 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00F0CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 00F1CD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F1CC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F1CA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 00F1CCC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F1CCE0 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F1CA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F17790 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F18320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00F1CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00F1CA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 00F1CAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 00F1CAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00F1CC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 00F1CB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 00F1CAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 00F1CB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00F1CBC0 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 00F1CB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00F1CC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 00F1CCA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 00F1CBE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00F1CC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00F1CBA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 00F1CB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 00F1CB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 00F1CC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00F1CA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 00F1CD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 00F1D830 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 00F1D590 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 00F162C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 00F16BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 00F1DD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 00F1DAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [0F, 89, CC, CC] .text C:\Program Files\K2T\WTW\wtw.exe[1392] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 00F1C980 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 00F1C960 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 00F1E3C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 00F1E840 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 00F1E600 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 00F1C9A0 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 00F1C9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 00F1CA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 00F1C9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] WS2_32.dll!WSASocketW 71A539CB 7 Bytes JMP 00F1C920 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\K2T\WTW\wtw.exe[1392] WS2_32.dll!WSASocketA 71A58769 5 Bytes JMP 00F1C940 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 
1002CA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!DeleteFileW 7C81F73D 5 
Bytes JMP 1002CAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 
1002CA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\windows\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1404] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] 
ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\windows\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\WINDOWS\Explorer.EXE[1540] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] WININET.dll!InternetConnectA 771B44DB 5 Bytes JMP 1002C980 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1540] WININET.dll!InternetConnectW 771C5D4C 5 Bytes JMP 1002C960 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 
10028320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!OpenFile 7C826B99 5 
Bytes JMP 1002CCA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes 
JMP 10026BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1616] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\windows\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 
1002CC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 
1002DAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1708] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\WINDOWS\system32\spoolsv.exe[1844] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1844] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and 
Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] 
kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] shell32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] shell32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] shell32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Łukasz\Pulpit\gm\gmer.exe[2440] shell32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!NtAllocateVirtualMemory 7C90D4DE 5 Bytes JMP 1002CE00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1001CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 1002CDC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 1002CE80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 1002CE60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!NtDeleteFile 7C90D88F 5 Bytes JMP 1002CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!NtFreeVirtualMemory 7C90DA48 5 Bytes JMP 1002C490 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!NtLoadDriver 7C90DB6E 5 Bytes JMP 1002CDE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes JMP 1002CDA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 1002C440 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!NtSetInformationProcess 7C90E62D 5 Bytes JMP 1002CD60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!NtUnloadDriver 7C90E8F7 5 Bytes JMP 1002CD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 1002CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!RtlAllocateHeap 7C9105D4 5 Bytes JMP 1002C4E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 1002A630 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) 
.text C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1001CE40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ntdll.dll!LdrGetProcedureAddress 7C919B88 5 Bytes JMP 1002CD40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 1002CC80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 1002CA20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 1002CCC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 1002CCE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 1002CA80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10027790 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10028320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 1002CD20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 1002CA60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 1002CAC0 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 1002CAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 1002CC60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!DeleteFileA 7C81E85C 5 Bytes JMP 1002CB00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 1002CAE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 1002CB20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 1002CBC0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!MoveFileWithProgressA 7C8222B3 5 Bytes JMP 1002CB40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 1002CC20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 1002CCA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!CopyFileExW 7C82EFF2 7 Bytes JMP 1002CBE0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 1002CC40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 1002CBA0 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!MoveFileExW 7C83991F 5 Bytes JMP 1002CB60 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!MoveFileExA 7C85D2A3 5 Bytes JMP 1002CB80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!CopyFileExA 7C85E1A4 5 Bytes JMP 1002CC00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 1002CA40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] kernel32.dll!LoadModule 7C86125E 5 Bytes JMP 1002CD00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ADVAPI32.dll!OpenServiceW 77DD6165 7 Bytes JMP 1002D830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ADVAPI32.dll!OpenServiceA 77DDB88C 7 Bytes JMP 1002D590 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ADVAPI32.dll!CreateProcessAsUserW 77DE7775 5 Bytes JMP 100262C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ADVAPI32.dll!CreateProcessAsUserA 77E00958 5 Bytes JMP 10026BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ADVAPI32.dll!CreateServiceA 77E27071 7 Bytes JMP 1002DD80 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ADVAPI32.dll!CreateServiceW 77E27209 2 Bytes JMP 1002DAA0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[2848] ADVAPI32.dll!CreateServiceW + 3 77E2720C 4 Bytes [20, 98, CC, CC] .text 
C:\WINDOWS\System32\svchost.exe[2848] USER32.dll!EndTask 77D79C9D 5 Bytes JMP 1002E3C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2848] ole32.dll!CoCreateInstanceEx 77515FB1 5 Bytes JMP 1002E840 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2848] ole32.dll!CoGetClassObject 7752F356 5 Bytes JMP 1002E600 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2848] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 1002C9A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2848] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 1002C9C0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2848] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 1002CA00 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2848] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 1002C9E0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F9888750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F9888820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F98887F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F98887B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F98887B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F9888820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F9888750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F98887F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F98887F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F98887B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F9888820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F9888750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F98887B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F9888750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F9888820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F98887F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F9888750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F98887B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F9888820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F98887F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F98887B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F9888820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F9888750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F98887B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F98887F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F9888750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F9888820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Deskjet F4200 series\HPWarningMsg\CheckStatus@A\1u\0k\0a\0s\0z 0x00 0x00 0x00 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Deskjet F4200 series\HPWarningMsg\MaxDPI@A\1u\0k\0a\0s\0z 0x00 0x00 0x00 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Deskjet F4200 series\HPWarningMsg\PhotoStacking@A\1u\0k\0a\0s\0z 0x00 0x00 0x00 0x00

---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\cmdow.exe 16896 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\cmdow.exe.info 156 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes

---- EOF - GMER 1.0.15 ----