GMER 1.0.15.15125 - http://www.gmer.net Rootkit scan 2009-10-12 19:36:47 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOCUME~1\MICHEL~1\IMPOST~1\Temp\ffaoaaow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAA125D46] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xAA125250] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAA1258EA] SSDT F7B4025E ZwCreateKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xAA125132] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xAA127254] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xAA12752C] SSDT F7B40254 ZwCreateThread SSDT F7B40263 ZwDeleteKey SSDT F7B4026D ZwDeleteValueKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xAA124A5A] SSDT spep.sys ZwEnumerateKey [0xF7325CA4] SSDT spep.sys ZwEnumerateValueKey [0xF7326032] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xAA126ED6] SSDT F7B40272 ZwLoadKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xAA1254D4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xAA125B2E] SSDT spep.sys ZwOpenKey [0xF73070C0] SSDT F7B40240 ZwOpenProcess SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xAA125764] SSDT F7B40245 ZwOpenThread SSDT spep.sys ZwQueryKey [0xF732610A] SSDT spep.sys ZwQueryValueKey [0xF7325F8A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xAA126688] SSDT F7B4027C ZwReplaceKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xAA1269F0] SSDT F7B40277 ZwRestoreKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xAA126C72] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xAA127084] SSDT F7B40268 ZwSetValueKey SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xAA12546E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xAA125658] SSDT F7B4024F ZwTerminateProcess SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xAA124ECA] INT 0x33 ? 86B5CBF8 INT 0x3A ? 86DDABF8 INT 0x3A ? 86DDABF8 INT 0x3A ? 86DDABF8 INT 0x3A ? 86DDABF8 INT 0x3A ? 86B5CBF8 INT 0x3A ? 86DDABF8 INT 0x3E ? 86B5CBF8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 23F8 80501C30 4 Bytes JMP DAAA1258 ? spep.sys Impossibile trovare il file specificato. ! .text USBPORT.SYS!DllUnload F64348AC 5 Bytes JMP 86B5C1D8 ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[176] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] WININET.dll!InternetConnectA 3F9EDEAE 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] WININET.dll!InternetConnectW 3F9EF862 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[200] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] WS2_32.dll!WSASocketW 71A3404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] WS2_32.dll!WSASocketA 71A38B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\sched.exe[236] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[336] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avguard.exe[356] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[756] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[884] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 00381950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 00388B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 003818D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00381890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 003819B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 00381910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 00381A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 00381970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 003818F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00381930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 003819D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 00381990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 003818B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 00381A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00384550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00388A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 003819F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00381B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00381D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00381AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00381AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00381D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00381A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00381A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00381A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00381D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00381CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00381D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00381B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00381C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00381C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 00381B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [B6, 83] {MOV DH, 0x83} .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00381BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00381B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00381B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00381CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00381CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00381C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00381BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00381C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00381C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00381BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00381D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00381AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 00388700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 00381480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 00381640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 00381000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 00381250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 00388450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 00388590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 00381E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 00381DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 00381DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] SHELL32.dll!ShellExecuteW 7CAC5D48 3 Bytes JMP 00381DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxtray.exe[992] SHELL32.dll!ShellExecuteW + 4 7CAC5D4C 1 Byte [83] .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 00381950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 00388B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 003818D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00381890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 003819B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 00381910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 00381A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 00381970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 003818F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00381930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 003819D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 00381990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 003818B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 00381A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00384550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00388A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 003819F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00381B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00381D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00381AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00381AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00381D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00381A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00381A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00381A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00381D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00381CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00381D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00381B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00381C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00381C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 00381B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [B6, 83] {MOV DH, 0x83} .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00381BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00381B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00381B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00381CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00381CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00381C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00381BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00381C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00381C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00381BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00381D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00381AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 00388700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 00381480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 00381640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 00381000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 00381250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 00388450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 00388590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 00381E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 00381DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 00381DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] SHELL32.dll!ShellExecuteW 7CAC5D48 3 Bytes JMP 00381DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\hkcmd.exe[1000] SHELL32.dll!ShellExecuteW + 4 7CAC5D4C 1 Byte [83] .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxsrvc.exe[1044] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[1116] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] WS2_32.dll!WSASocketW 71A3404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] WS2_32.dll!WSASocketA 71A38B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[1128] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1300] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\igfxpers.exe[1320] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] WININET.dll!InternetConnectA 3F9EDEAE 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] WININET.dll!InternetConnectW 3F9EF862 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jusched.exe[1336] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\RTHDCPL.EXE[1348] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1400] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Comodo firewall\Comodo\COMODO Internet Security\cmdagent.exe[1512] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 0040FB50 E:\Comodo firewall\Comodo\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1540] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 003A1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 003A8B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 003A18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 003A1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 003A19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 003A1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 003A1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 003A1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 003A18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 003A1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 003A19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 003A1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 003A18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 003A1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 003A4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 003A8A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 003A19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 003A1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003A1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003A1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003A1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003A1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003A1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003A1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 003A1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 003A1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 003A1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 003A1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 003A1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 003A1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [B8, 83] .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 003A1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 003A1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 003A1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 003A1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 003A1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 003A1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 003A1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 003A1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 003A1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 003A1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 003A1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 003A8700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 003A1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 003A1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 003A1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 003A1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 003A1E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 003A1DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 003A1DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 003A1DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 003A8450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Avira\AntiVir Desktop\avgnt.exe[1560] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 003A8590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1656] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\svchost.exe[1664] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] WS2_32.dll!WSASocketW 71A3404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] WS2_32.dll!WSASocketA 71A38B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Java\jre6\bin\jqs.exe[1712] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] WININET.dll!InternetConnectA 3F9EDEAE 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] WININET.dll!InternetConnectW 3F9EF862 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\COMODO\livePCsupport\ELPS.exe[1784] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1820] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text E:\Comodo firewall\Comodo\COMODO Internet Security\cfp.exe[1844] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 0050DCB0 E:\Comodo firewall\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 00381950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 00388B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 003818D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00381890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 003819B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 00381910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 00381A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 00381970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 003818F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00381930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 003819D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 00381990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 003818B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 00381A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00384550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00388A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 003819F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00381B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00381D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00381AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00381AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00381D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00381A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00381A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00381A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00381D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00381CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00381D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00381B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00381C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00381C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 00381B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [B6, 83] {MOV DH, 0x83} .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00381BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00381B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00381B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00381CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00381CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00381C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00381BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00381C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00381C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00381BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00381D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00381AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 00381480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 00381640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 00381000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 00381250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 00388700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] WS2_32.dll!WSASocketW 71A3404E 7 Bytes JMP 00381E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] WS2_32.dll!WSASocketA 71A38B6A 5 Bytes JMP 00381E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] WININET.dll!InternetConnectA 3F9EDEAE 5 Bytes JMP 00381E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] WININET.dll!InternetConnectW 3F9EF862 5 Bytes JMP 00381E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 00388450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 00388590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 00381E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 00381DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 00381DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] SHELL32.dll!ShellExecuteW 7CAC5D48 3 Bytes JMP 00381DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1848] SHELL32.dll!ShellExecuteW + 4 7CAC5D4C 1 Byte [83] .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[1988] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] WS2_32.dll!WSASocketW 71A3404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] WS2_32.dll!WSASocketA 71A38B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2000] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] WS2_32.dll!WSASocketW 71A3404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] WS2_32.dll!WSASocketA 71A38B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Bonjour\mDNSResponder.exe[2012] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] SHELL32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] SHELL32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] SHELL32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] SHELL32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe[2144] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95} .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ADVAPI32.dll!OpenServiceW 77F56FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ADVAPI32.dll!OpenServiceA 77F64C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ADVAPI32.dll!CreateServiceA 77FA7211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ADVAPI32.dll!CreateServiceW 77FA73A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] shell32.dll!ShellExecuteExW 7CA1996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] shell32.dll!ShellExecuteEx 7CA50EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] shell32.dll!ShellExecuteA 7CA511E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Michele&Katia\Desktop\gmer.exe[2784] shell32.dll!ShellExecuteW 7CAC5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7308042] spep.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F730813E] spep.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73080C0] spep.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7308800] spep.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73086D6] spep.sys IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7317E9C] spep.sys IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisCloseAdapter] [F718F6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisOpenAdapter] [F718F7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisDeregisterProtocol] [F718F780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\VMNetSrv.sys[NDIS.SYS!NdisRegisterProtocol] [F718F740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F718F6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F718F7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F718F780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F718F740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F718F740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F718F7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F718F6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F718F780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F718F780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F718F740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F718F7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F718F6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F718F740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F718F780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F718F6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F718F7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F718F6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F718F7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F718F740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F718F780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F718F740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F718F7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F718F6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F718F740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F718F780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F718F6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F718F7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\drivers\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [F718F740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\drivers\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [F718F780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\drivers\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [F718F6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\drivers\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [F718F7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 86DD91F8 AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\usbuhci \Device\USBPDO-0 86B5B1F8 Device \Driver\usbuhci \Device\USBPDO-1 86B5B1F8 Device \Driver\usbuhci \Device\USBPDO-2 86B5B1F8 Device \Driver\usbuhci \Device\USBPDO-3 86B5B1F8 Device \Driver\usbehci \Device\USBPDO-4 86B2E1F8 AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\Ftdisk \Device\HarddiskVolume1 86D6C1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 86D6C1F8 Device \Driver\Cdrom \Device\CdRom0 86B211F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 86D6C1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-12 [F7281B40] atapi.sys[unknown section] Device \Driver\atapi \Device\Ide\IdePort0 [F7281B40] atapi.sys[unknown section] Device \Driver\atapi \Device\Ide\IdePort1 [F7281B40] atapi.sys[unknown section] Device \Driver\atapi \Device\Ide\IdePort2 [F7281B40] atapi.sys[unknown section] Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 [F7281B40] atapi.sys[unknown section] Device \Driver\atapi \Device\Ide\IdePort3 [F7281B40] atapi.sys[unknown section] Device \Driver\NetBT \Device\NetBt_Wins_Export 86AEC1F8 Device \Driver\NetBT \Device\NetbiosSmb 86AEC1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{713A5B49-EB08-431C-B7C1-395A251B11A1} 86AEC1F8 AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) Device \Driver\usbuhci \Device\USBFDO-0 86B5B1F8 Device \Driver\usbuhci \Device\USBFDO-1 86B5B1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 869C8500 Device \Driver\usbuhci \Device\USBFDO-2 86B5B1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 869C8500 Device \Driver\usbuhci \Device\USBFDO-3 86B5B1F8 Device \Driver\usbehci \Device\USBFDO-4 86B2E1F8 Device \Driver\Ftdisk \Device\FtControl 86D6C1F8 Device \FileSystem\Cdfs \Cdfs 86A53500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr@start 1 Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr@type 1 Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr@group file system Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr@imagepath \systemroot\system32\drivers\gasfkynoejlcnq.sys Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\main (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\main@aid 10003 Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\main@sid 0 Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\main@cmddelay 14400 Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\main\delete (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\main\delete@C:\DOCUME~1\MICHEL~1\IMPOST~1\Temp\gasfkyibchtsesvm.tmp Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\main\delete@C:\DOCUME~1\MICHEL~1\IMPOST~1\Temp\gasfkypvfvbcxrnc.tmp Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\main\injector (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\main\injector@* gasfkywsp8.dll Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\main\tasks (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkynoejlcnq.sys Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\modules@gasfkycmd.dll \systemroot\system32\gasfkytilyliow.dll Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\modules@gasfkylog.dat \systemroot\system32\gasfkyvgwqkuri.dat Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\modules@gasfkywsp.dll \systemroot\system32\gasfkyculnpkol.dll Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\modules@gasfky.dat \systemroot\system32\gasfkyaqnkvjlg.dat Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyqacyahsr\modules@gasfkywsp8.dll \systemroot\system32\gasfkykeaoeppt.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x25 0xE3 0x11 0x89 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x25 0xE3 0x11 0x89 ... ---- Files - GMER 1.0.15 ---- File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\Gen0cide_UleadCOOL3D35Trial_crack.exe 17552 bytes executable File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0000038.exe 1536 bytes executable File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0000038.exe.info 260 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0000040.exe 31232 bytes executable File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0000040.exe.info 262 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0000048.pif 31232 bytes executable File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0000048.pif.info 262 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0000050.exe 31232 bytes executable File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0000050.exe.info 262 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0000067.exe 517009 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0000067.exe.info 246 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0000075.exe 94208 bytes executable File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0000075.exe.info 278 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0008308.exe 598016 bytes executable File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0008308.exe.info 244 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0013568.dll 147456 bytes executable File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0013568.dll.info 244 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0013976.dll 75264 bytes executable File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\A0013976.dll.info 244 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\candc3t104-ch.zip 130437 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\candc3t104-ch.zip.info 140 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\ComboFix.exe 3336733 bytes executable File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\ComboFix.exe.info 196 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\Gen0cide_UleadCOOL3D35Trial_crack.exe.info 228 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\m3ffxtbr.jar 4466 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\m3ffxtbr.jar.info 160 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\msimg32.dll 28672 bytes executable File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\msimg32.dll.info 196 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\msimg32.dll1 28672 bytes executable File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\msimg32.dll1.info 196 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\NIRCMD.exe 31232 bytes executable File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\NIRCMD.exe.info 120 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\riched20.dll 24576 bytes executable File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\riched20.dll.info 192 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\snjfjhl.exe 812360 bytes executable File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\snjfjhl.exe.info 146 bytes File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\xdgwhlh.exe 849232 bytes executable File E:\Comodo firewall\Comodo\COMODO Internet Security\Quarantine\xdgwhlh.exe.info 134 bytes ---- EOF - GMER 1.0.15 ----