GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-25 21:06:05
Windows 5.1.2600 Dodatek Service Pack 3
Running: ettn64j9.exe; Driver: C:\DOCUME~1\Wiaderek\USTAWI~1\Temp\kftdapog.sys

---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7360112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF733F2D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF733F4C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7360900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7360BB4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF735EE12]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7361020]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF73603D2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF733EF44]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text
C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) 
.text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[660] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10026800 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\savedump.exe[716] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtAllocateVirtualMemory 
7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] 
ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[724] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtCreateFile 7C90D0AE 5 
Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 
10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 
10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10026A70 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[876] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 
100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[944] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 7C801D53 5 
Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileExW 
7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 
10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1000] SHELL32.dll!ShellExecuteW 
7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtUnloadDriver 
7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] 
kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] 
kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] 
ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) 
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1176] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetConnectA 771B345A 5 Bytes JMP 10025810 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetConnectW 771BEE40 5 Bytes JMP 100257F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] 
SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[1680] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!LoadLibraryExA 7C801D53 5 
Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1708] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] 
kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] 
kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ADVAPI32.dll!OpenServiceW 77DD6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] shell32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] shell32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] shell32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Wiaderek\Pulpit\ettn64j9.exe[1928] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F727D6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F727D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F727D780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F727D740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F727D740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT 
\SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F727D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F727D6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F727D780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F727D780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F727D740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F727D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F727D6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F727D740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F727D780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F727D6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F727D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F727D6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F727D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F727D740] inspect.sys 
(COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F727D740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F727D780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F727D6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F727D7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \FileSystem\Fastfat \Fat F637AD20 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----