GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-25 06:16:42
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\TOSHIBA\AppData\Local\Temp\pwldrfow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x899AF9E4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x899B0D62]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x899AFBD0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x899AED1E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x899AF64A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x899AEBFA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x899AF3E0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x899B09F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x899AE73E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x899AFCE0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x899AE570]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x899B062E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x899AEFBA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x899AF826]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0x899AE254]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x899AF26A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0x899AE3EC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x899B00C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x899B0376]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x899B07FA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x899AEF54]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x899AF156]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x899AEA98]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x899AE93E]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83014634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83014898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8308C599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B0F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 220 830B8730 4 Bytes [E4, F9, 9A, 89]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 830B8758 8 Bytes [62, 0D, 9B, 89, D0, FB, 9A, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 830B87EC 4 Bytes [1E, ED, 9A, 89]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 830B8808 4 Bytes [4A, F6, 9A, 89]
.text ntkrnlpa.exe!RtlSidHashLookup + 324 830B8834 4 Bytes [FA, EB, 9A, 89]
.text ...
? System32\drivers\jqpbgyh.sys The system cannot find the path specified. !
? System32\Drivers\ztbcaud.sys A device attached to the system is not functioning. !
.text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x837AE000, 0x3C849, 0xE8000020]
.dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x837F3000, 0x3DC, 0x48000040]
.text peauth.sys ABE05C9E 27 Bytes [1E, 9E, 35, 61, C0, 25, 60, ...]
.text peauth.sys ABE05CC2 27 Bytes [1E, 9E, 35, 61, C0, 25, 60, ...]
.text user32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 .text shell32.dll!ShellExecuteW 760041F0 5 Bytes JMP 10025870 .text shell32.dll!ShellExecuteExW 76011B8C 5 Bytes JMP 10025830 .text shell32.dll!ShellExecuteEx 76239B0A 5 Bytes JMP 10025850 .text shell32.dll!ShellExecuteA 76239BA5 5 Bytes JMP 10025890 .text advapi32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 .text advapi32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 .text advapi32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 .text advapi32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 .text advapi32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 .text advapi32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 .text ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 .text ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 .text kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 .text kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 .text kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 .text kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 .text kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 .text kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 .text kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 .text kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 .text kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 .text kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 .text kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 .text kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 .text kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 .text kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 .text kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 .text kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 .text kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 .text kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 .text kernel32.dll!GetModuleHandleA 753F28F7 5 
Bytes JMP 10025950 .text kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 .text kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 .text kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 .text kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 .text kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 .text kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 .text kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 .text kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program 
Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!KiUserExceptionDispatcher 76F96448 5 Bytes JMP 100255D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!CreateProcessW 753A202D 
5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] WS2_32.dll!WSASocketW 75793D1B 7 Bytes JMP 100257B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] WS2_32.dll!WSASocketA 7579B7FC 5 Bytes JMP 100257D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] SHELL32.dll!ShellExecuteW 760041F0 5 Bytes JMP 10025870 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] SHELL32.dll!ShellExecuteExW 76011B8C 5 Bytes JMP 10025830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] SHELL32.dll!ShellExecuteEx 76239B0A 5 Bytes JMP 10025850 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] SHELL32.dll!ShellExecuteA 76239BA5 5 Bytes JMP 10025890 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Mozilla Firefox\firefox.exe[240] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 
10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 
1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] shell32.dll!ShellExecuteW 760041F0 5 Bytes JMP 10025870 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] shell32.dll!ShellExecuteExW 76011B8C 5 Bytes JMP 10025830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] shell32.dll!ShellExecuteEx 76239B0A 5 Bytes JMP 10025850 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] shell32.dll!ShellExecuteA 76239BA5 5 Bytes JMP 10025890 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Users\TOSHIBA\Desktop\gmer\gmer.exe[488] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[560] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[560] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[560] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\wininit.exe[560] 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[676] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[676] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[676] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[676] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[676] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[676] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[676] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[676] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[676] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[676] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[676] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[676] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\windows\system32\lsass.exe[676] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[676] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[676] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[676] WS2_32.dll!WSASocketW 75793D1B 7 Bytes JMP 100257B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsass.exe[676] WS2_32.dll!WSASocketA 7579B7FC 5 Bytes JMP 100257D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\system32\lsm.exe[684] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\system32\lsm.exe[684] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) 
.text C:\windows\system32\lsm.exe[684] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] kernel32.dll!LoadModule 
7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\lsm.exe[684] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\system32\svchost.exe[820] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\windows\system32\svchost.exe[820] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\system32\svchost.exe[820] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) 
.text C:\windows\system32\svchost.exe[820] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[820] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] 
ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program 
Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!GetProcAddress 753F1857 5 
Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1088] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\system32\svchost.exe[1128] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] WS2_32.dll!WSASocketW 75793D1B 7 Bytes JMP 100257B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] WS2_32.dll!WSASocketA 7579B7FC 5 Bytes JMP 100257D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1128] user32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1340] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 004EF2F0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\windows\system32\svchost.exe[1392] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes 
JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\system32\svchost.exe[1392] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1392] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\System32\svchost.exe[1452] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) 
.text C:\windows\System32\svchost.exe[1452] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\System32\svchost.exe[1452] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] WS2_32.dll!WSASocketW 75793D1B 7 Bytes JMP 100257B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1452] WS2_32.dll!WSASocketA 7579B7FC 5 Bytes JMP 100257D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\Explorer.EXE[1488] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\Explorer.EXE[1488] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!MoveFileExW 753EBF28 5 Bytes 
JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\Explorer.EXE[1488] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] SHELL32.dll!ShellExecuteW 760041F0 5 Bytes JMP 10025870 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] SHELL32.dll!ShellExecuteExW 76011B8C 5 Bytes JMP 10025830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] SHELL32.dll!ShellExecuteEx 76239B0A 5 Bytes JMP 10025850 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] SHELL32.dll!ShellExecuteA 76239BA5 5 Bytes JMP 10025890 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\Explorer.EXE[1488] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\System32\svchost.exe[1492] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[1492] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\system32\svchost.exe[1532] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\system32\svchost.exe[1532] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\system32\svchost.exe[1532] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] WS2_32.dll!WSASocketW 75793D1B 7 Bytes JMP 100257B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1532] WS2_32.dll!WSASocketA 7579B7FC 5 Bytes JMP 100257D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common 
Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile 
Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common 
Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common 
Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common 
Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] WS2_32.dll!WSASocketW 75793D1B 7 Bytes JMP 100257B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] WS2_32.dll!WSASocketA 7579B7FC 5 Bytes JMP 100257D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1580] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] 
ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] 
kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SupportAppXL\cdrom_mon.exe[1584] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes 
JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\system32\svchost.exe[1640] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] WS2_32.dll!WSASocketW 75793D1B 7 Bytes JMP 100257B0 C:\windows\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[1640] WS2_32.dll!WSASocketA 7579B7FC 5 Bytes JMP 100257D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 
100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\taskhost.exe[1700] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!NtCreateProcessEx 76F94AF0 
5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!CopyFileA 75407D1C 5 Bytes 
JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 
10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] WS2_32.dll!WSASocketW 75793D1B 7 Bytes JMP 100257B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\spoolsv.exe[2016] WS2_32.dll!WSASocketA 7579B7FC 5 Bytes JMP 100257D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\system32\svchost.exe[2044] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] WS2_32.dll!WSASocketW 75793D1B 7 Bytes JMP 100257B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2044] WS2_32.dll!WSASocketA 7579B7FC 5 Bytes JMP 100257D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!NtUnloadDriver 76F95DA0 5 
Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!LoadLibraryW 753F28D2 
5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2068] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program 
Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact 
Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact 
Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business 
Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small 
Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small 
Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] SHELL32.dll!ShellExecuteW 760041F0 5 Bytes JMP 10025870 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] SHELL32.dll!ShellExecuteExW 76011B8C 5 Bytes JMP 10025830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] SHELL32.dll!ShellExecuteEx 76239B0A 5 Bytes JMP 10025850 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] SHELL32.dll!ShellExecuteA 76239BA5 5 Bytes JMP 10025890 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2088] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] 
ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program 
Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program 
Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] 
ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] WS2_32.dll!WSASocketW 75793D1B 7 Bytes JMP 100257B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] WS2_32.dll!WSASocketA 7579B7FC 5 Bytes JMP 100257D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] SHELL32.dll!ShellExecuteW 760041F0 5 Bytes JMP 10025870 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] SHELL32.dll!ShellExecuteExW 76011B8C 
5 Bytes JMP 10025830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] SHELL32.dll!ShellExecuteEx 76239B0A 5 Bytes JMP 10025850 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[2116] SHELL32.dll!ShellExecuteA 76239BA5 5 Bytes JMP 10025890 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) ? C:\windows\System32\svchost.exe[2124] image checksum mismatch; time/date stamp mismatch; .text C:\windows\System32\svchost.exe[2124] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\System32\svchost.exe[2124] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\System32\svchost.exe[2124] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\System32\svchost.exe[2124] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\System32\svchost.exe[2124] WININET.dll!InternetConnectW 76D30492 5 Bytes JMP 100257F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] WININET.dll!InternetConnectA 76D3054F 5 Bytes JMP 10025810 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\System32\svchost.exe[2124] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] 
ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement 
Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) 
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] 
ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] WS2_32.dll!WSASocketW 75793D1B 7 Bytes JMP 100257B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] WS2_32.dll!WSASocketA 7579B7FC 5 Bytes JMP 100257D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] SHELL32.dll!ShellExecuteW 760041F0 5 Bytes JMP 10025870 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] SHELL32.dll!ShellExecuteExW 76011B8C 5 Bytes JMP 10025830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] SHELL32.dll!ShellExecuteEx 76239B0A 5 Bytes JMP 10025850 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] SHELL32.dll!ShellExecuteA 76239BA5 5 Bytes JMP 10025890 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program 
Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2188] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL 
Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!CreateProcessA 753A2062 5 
Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2288] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\system32\svchost.exe[2368] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\system32\svchost.exe[2368] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] 
kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] 
kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\system32\svchost.exe[2368] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\svchost.exe[2368] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] 
ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] 
kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\system32\TODDSrv.exe[2408] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\TODDSrv.exe[2408] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power 
Saver\TosCoSrv.exe[2452] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power 
Saver\TosCoSrv.exe[2452] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program 
Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] SHELL32.dll!ShellExecuteW 760041F0 5 Bytes JMP 10025870 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] SHELL32.dll!ShellExecuteExW 76011B8C 5 Bytes JMP 10025830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] SHELL32.dll!ShellExecuteEx 76239B0A 5 Bytes JMP 10025850 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] SHELL32.dll!ShellExecuteA 76239BA5 5 Bytes JMP 10025890 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2452] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXE[2564] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes 
JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] SHELL32.dll!ShellExecuteW 760041F0 5 Bytes JMP 10025870 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] SHELL32.dll!ShellExecuteExW 76011B8C 5 Bytes JMP 10025830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] SHELL32.dll!ShellExecuteEx 76239B0A 5 Bytes JMP 10025850 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] SHELL32.dll!ShellExecuteA 76239BA5 5 Bytes JMP 10025890 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] WS2_32.dll!WSASocketW 75793D1B 7 Bytes JMP 100257B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] WS2_32.dll!WSASocketA 7579B7FC 5 Bytes JMP 100257D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXE[2564] WININET.dll!InternetConnectW 76D30492 5 Bytes JMP 100257F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2564] WININET.dll!InternetConnectA 76D3054F 5 Bytes JMP 10025810 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI 
SoftModem\agrsmsvc.exe[2584] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 
10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2584] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\windows\system32\SearchIndexer.exe[2592] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 
10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] 
ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 
10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] SHELL32.dll!ShellExecuteW 760041F0 5 Bytes JMP 10025870 C:\windows\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] SHELL32.dll!ShellExecuteExW 76011B8C 5 Bytes JMP 10025830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] SHELL32.dll!ShellExecuteEx 76239B0A 5 Bytes JMP 10025850 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3580] SHELL32.dll!ShellExecuteA 76239BA5 5 Bytes JMP 10025890 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] 
ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!CreateProcessW 
753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] 
kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program 
Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] SHELL32.dll!ShellExecuteW 760041F0 5 Bytes JMP 10025870 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] SHELL32.dll!ShellExecuteExW 76011B8C 5 Bytes JMP 10025830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] SHELL32.dll!ShellExecuteEx 76239B0A 5 Bytes JMP 10025850 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] SHELL32.dll!ShellExecuteA 76239BA5 5 Bytes JMP 10025890 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] WININET.dll!InternetConnectW 76D30492 5 Bytes JMP 100257F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3632] WININET.dll!InternetConnectA 76D3054F 5 Bytes JMP 10025810 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Comodo\COMODO Internet Security\cfp.exe[3780] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 006E7F00 C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 
10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text 
C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows 
Sidebar\sidebar.exe[3844] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows 
Sidebar\sidebar.exe[3844] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] 
USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] SHELL32.dll!ShellExecuteW 760041F0 5 Bytes JMP 10025870 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] SHELL32.dll!ShellExecuteExW 76011B8C 5 Bytes JMP 10025830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] 
SHELL32.dll!ShellExecuteEx 76239B0A 5 Bytes JMP 10025850 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] SHELL32.dll!ShellExecuteA 76239BA5 5 Bytes JMP 10025890 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] WININET.dll!InternetConnectW 76D30492 5 Bytes JMP 100257F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] WININET.dll!InternetConnectA 76D3054F 5 Bytes JMP 10025810 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!NtAllocateVirtualMemory 76F94720 5 Bytes JMP 10025C90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!NtClose 76F94910 5 Bytes JMP 1001CE20 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!NtCreateFile 76F94A10 5 Bytes JMP 10025D10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!NtCreateProcess 76F94AE0 5 Bytes JMP 10025DB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!NtCreateProcessEx 76F94AF0 5 Bytes JMP 10025D90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!NtDeleteFile 76F94C50 5 Bytes JMP 10025CD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!NtFreeVirtualMemory 76F94E20 5 Bytes JMP 10025BD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!NtLoadDriver 76F94FA0 5 Bytes JMP 10025C70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!NtOpenFile 76F95120 5 Bytes JMP 10025CF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!NtProtectVirtualMemory 76F95360 5 Bytes JMP 10025CB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!NtSetInformationProcess 76F95AC0 2 Bytes JMP 10025C30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!NtSetInformationProcess + 3 76F95AC3 2 Bytes [09, 99] .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!NtUnloadDriver 76F95DA0 5 Bytes JMP 10025C50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!NtWriteVirtualMemory 76F95EE0 5 Bytes JMP 10025D30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!RtlAllocateHeap 76FA209D 5 Bytes JMP 10025BF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!LdrUnloadDll 76FABE7F 7 Bytes JMP 1001CF40 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!LdrGetProcedureAddress 76FAEE27 5 Bytes JMP 10025C10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ntdll.dll!LdrLoadDll 76FAF585 5 Bytes JMP 10023430 C:\windows\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] 
kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10 C:\windows\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] USER32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ADVAPI32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ADVAPI32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ADVAPI32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] 
ADVAPI32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ADVAPI32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ADVAPI32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] SHELL32.dll!ShellExecuteW 760041F0 5 Bytes JMP 10025870 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] SHELL32.dll!ShellExecuteExW 76011B8C 5 Bytes JMP 10025830 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] SHELL32.dll!ShellExecuteEx 76239B0A 5 Bytes JMP 10025850 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] SHELL32.dll!ShellExecuteA 76239BA5 5 Bytes JMP 10025890 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] WININET.dll!InternetConnectW 76D30492 5 Bytes JMP 100257F0 C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[3876] WININET.dll!InternetConnectA 76D3054F 5 Bytes JMP 10025810 
C:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86E197E8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Threads - GMER 1.0.15 ----

Thread System [4:2332] ABF99F2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\ztbcaud@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\ztbcaud@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\ztbcaud@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\ztbcaud@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\ztbcaud@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\ztbcaud@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\ztbcaud@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\ztbcaud@Group Boot Bus Extender

---- EOF - GMER 1.0.15 ----