Skocz do zawartości


Zdjęcie

Logi - Rootkit wykryty przez Combofix'a


  • Zamknięty Temat jest zamknięty
14 odpowiedzi w tym temacie

#1 kuba206

kuba206

    Obserwator

  • 8 postów

Napisano 16 05 2010 - 18:32

siema. skanowałem kompa combofixem i powiedział, że mam rootkita. Próbowałem juz różnych programów ale nic mi nie pomagają.Może podmienić zainfekowany plik ? ale który podmienić? tu macie log z combofixa :
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-16 18:00
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B807320]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecfc3
\Driver\ACPI -> ACPI.sys @ 0xb7f58cb8
\Driver\atapi -> 0x8b807320
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1CE6.tmp"


Użytkownik Katarina edytował ten post 16 05 2010 - 19:21

  • 0

#2 ordynat

ordynat

    Zaawansowany użytkownik

  • 804 postów

Napisano 16 05 2010 - 19:27

To jest tylko dolna część logu ComboFixa, a dokładniej jego modułu "Catchme". Catchme ma za zadanie wykrywać właśnie Rootkity. U Ciebie nie znalazł jednak żadnego Rootkita.
Pokaż pozostała część logu - bo może tu chodzić o infekcję pendrivową, którą niektóre Antivirusy nazywają Rootkitem.
.

Użytkownik ordynat edytował ten post 16 05 2010 - 19:27

  • 0

#3 kuba206

kuba206

    Obserwator

  • 8 postów

Napisano 16 05 2010 - 19:29

ComboFix 10-05-15.03 - Administrator 2010-05-16 17:44:17.15.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3070.2614 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Rezydentny antywirus jest aktywny

.

((((((((((((((((((((((((( Pliki utworzone od 2010-04-16 do 2010-05-16 )))))))))))))))))))))))))))))))
.

2010-05-15 20:53 . 2010-05-15 22:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-15 20:53 . 2010-05-15 22:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2010-05-15 20:47 . 2010-05-15 20:47 -------- d-----w- c:\program files\kj
2010-05-15 20:42 . 2009-06-18 10:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-05-12 16:47 . 2010-05-12 16:48 -------- d-----w- c:\program files\Guitar FX BOX 2.6
2010-05-12 11:59 . 2010-05-12 12:16 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Rockstar Games
2010-05-12 11:40 . 2010-05-12 11:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-12 11:36 . 2010-05-12 11:36 -------- d-----w- c:\windows\system32\xlive
2010-05-12 11:36 . 2010-05-12 11:36 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-05-12 11:21 . 2010-05-12 12:09 -------- d-----w- c:\program files\Rockstar Games
2010-05-11 15:33 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-10 18:11 . 2010-05-10 18:11 -------- d-----w- c:\documents and settings\Nowy folder
2010-05-10 18:02 . 2010-05-10 18:02 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Cimaware
2010-05-09 21:27 . 2010-05-09 21:27 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Real Desktop
2010-05-09 21:27 . 2010-05-10 13:57 -------- d-----w- c:\program files\Real Desktop
2010-05-06 11:47 . 2010-05-06 11:47 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\ABBYY
2010-05-06 11:41 . 2010-05-11 19:42 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\ABBYY
2010-05-06 11:41 . 2010-05-06 11:49 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ABBYY
2010-05-05 09:26 . 2010-05-05 09:26 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Comodo Downloader
2010-05-03 17:46 . 2008-04-13 22:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-05-03 17:46 . 2008-04-13 22:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-05-03 17:46 . 2008-04-14 20:50 54784 ----a-w- c:\windows\system32\drivers\vfwwdm32.dll
2010-05-03 17:45 . 2010-05-03 17:45 -------- d-----w- c:\program files\CyberLink
2010-05-03 17:17 . 2010-05-03 18:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\CyberLink
2010-05-03 17:16 . 2010-05-03 17:16 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\CyberLink
2010-05-03 17:16 . 2010-05-03 17:16 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\CyberLink
2010-05-03 17:15 . 2010-05-03 17:45 -------- d-----w- c:\documents and settings\kuba\Pulpit
2010-05-03 17:15 . 2010-05-03 17:15 -------- d-----w- c:\documents and settings\kuba\Menu Start
2010-05-03 17:12 . 2010-05-03 17:42 36864 ----a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2010-04-28 17:47 . 2010-04-28 18:09 1925088 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-04-26 08:35 . 2010-04-26 08:35 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\FindeXer
2010-04-26 08:31 . 2010-04-26 08:31 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Stardock
2010-04-26 08:30 . 2010-04-26 08:29 153877 ----a-w- c:\windows\BricoPackUninst.cmd
2010-04-26 08:23 . 2010-04-26 08:23 -------- d-----w- c:\program files\RK Launcher
2010-04-26 08:22 . 2010-05-11 19:41 -------- d-----w- c:\program files\CursorXP
2010-04-26 08:19 . 2010-05-02 21:00 -------- d-----w- c:\program files\iColorFolder
2010-04-26 08:13 . 2010-04-26 08:30 8256 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-04-26 08:12 . 2010-05-02 20:59 -------- d-----w- c:\windows\BricoPacks
2010-04-21 18:47 . 2010-04-21 18:47 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-21 18:34 . 2010-04-21 18:43 7028 --sha-w- c:\windows\system32\sys_drv.dat
2010-04-21 18:34 . 2010-04-21 18:43 6024 --sha-w- c:\windows\system32\sys_drv_2.dat
2010-04-21 18:32 . 2010-05-02 20:58 -------- d-----w- c:\program files\Folder Lock 6

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-16 15:52 . 2009-11-20 14:20 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-16 15:43 . 2009-11-19 18:30 16608 ----a-w- c:\windows\gdrv.sys
2010-05-15 12:22 . 2010-01-23 19:25 871992 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2010-05-15 12:05 . 2010-03-29 17:30 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-05-14 15:00 . 2009-11-19 18:19 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-12 12:09 . 2009-11-19 18:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-11 15:33 . 2009-11-19 18:22 -------- d-----w- c:\program files\Java
2010-05-10 17:37 . 2010-01-03 18:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-05-10 16:52 . 2009-12-09 17:50 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Skype
2010-05-05 17:24 . 2009-11-27 21:16 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\skypePM
2010-05-03 17:12 . 2010-04-09 21:25 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-05-02 21:01 . 2009-11-20 21:01 -------- d-----w- c:\program files\JDownloader
2010-04-26 08:29 . 2004-08-03 22:44 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-04-21 21:30 . 2010-01-23 21:39 -------- d-----w- c:\program files\ALLPlayer
2010-04-09 21:24 . 2010-04-09 21:24 -------- d-----w- c:\program files\SourceTec
2010-04-07 20:02 . 2009-11-19 18:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-06 16:11 . 2009-11-21 01:00 48656 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-04-06 09:51 . 2010-04-06 09:51 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Solidshield
2010-04-06 09:42 . 2010-04-06 09:42 -------- d-----w- c:\program files\Ubisoft
2010-03-30 20:40 . 2010-01-23 19:45 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Sony
2010-03-30 18:36 . 2010-03-30 18:36 503808 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6033264a-n\msvcp71.dll
2010-03-30 18:36 . 2010-03-30 18:36 499712 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6033264a-n\jmc.dll
2010-03-30 18:36 . 2010-03-30 18:36 348160 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6033264a-n\msvcr71.dll
2010-03-30 18:36 . 2010-03-30 18:36 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 18:36 . 2010-03-30 18:36 61440 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5bc63d2a-n\decora-sse.dll
2010-03-30 18:36 . 2010-03-30 18:36 12800 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5bc63d2a-n\decora-d3d.dll
2010-03-30 18:35 . 2001-10-26 18:15 87418 ----a-w- c:\windows\system32\perfc015.dat
2010-03-30 18:35 . 2001-10-26 18:15 494278 ----a-w- c:\windows\system32\perfh015.dat
2010-03-30 11:59 . 2010-03-30 11:53 -------- d-----w- c:\program files\Bloodrayne
2010-03-29 21:56 . 2010-03-29 21:56 -------- d-----w- c:\program files\Electronic Arts
2010-03-29 17:30 . 2010-03-07 21:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-03-26 21:36 . 2010-03-26 21:36 -------- d-----w- c:\program files\SEGA
2010-03-26 21:04 . 2010-01-09 15:32 -------- d-----w- c:\program files\EA GAMES
2010-03-26 20:51 . 2009-12-08 12:54 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2010-03-26 18:33 . 2010-01-24 12:54 -------- d-----w- c:\program files\Metin2_PL
2010-03-24 15:15 . 2010-03-24 15:15 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Sony Creative Software
2010-03-22 23:10 . 2010-03-09 15:39 -------- d-----w- c:\program files\Astrum Online Entertainment
2010-03-22 15:35 . 2010-03-22 15:25 -------- d-----w- c:\program files\ChrisTV PVR
2010-03-19 20:16 . 2010-01-14 22:10 -------- d-----w- c:\program files\Winamp
2010-03-18 15:25 . 2010-03-18 14:50 -------- d-----w- c:\program files\Password Protect USB
2010-03-11 22:14 . 2010-03-11 22:14 42080 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2010-03-11 22:13 . 2010-03-11 22:13 11776 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
2010-02-10 14:00 . 2010-02-10 14:00 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\kopia sp2\$ntservicepackuninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2008-10-21 2154496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-21 13574144]
"nwiz"="nwiz.exe" [2008-10-21 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-21 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-28 1800464]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Tray"="c:\program files\CyberLink\YouCam\YouCam.exe" [2010-01-25 224352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Scheduler for OEM.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Scheduler for OEM.lnk
backup=c:\windows\pss\Scheduler for OEM.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Card Remote Control Device Monitor]
2008-06-17 07:10 352256 ----a-r- c:\windows\713xRMTMon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Documents and Settings\\Administrator\\Pulpit\\programy\\gry\\?????\\RuSro\\RuSro\\_riBot_Beta_Released_v1.0.53\\riBot.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Metin2_PL\\metin2client.bin"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Ubisoft\\James Cameron's AVATAR - THE GAME\\bin\\Avatar.exe"=
"c:\\Program Files\\Ubisoft\\James Cameron's AVATAR - THE GAME\\bin\\AvatarLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 9.0\\VegSrv90.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14393:TCP"= 14393:TCP:BitComet 14393 TCP
"14393:UDP"= 14393:UDP:BitComet 14393 UDP
"7762:TCP"= 7762:TCP:BitComet 7762 TCP
"7762:UDP"= 7762:UDP:BitComet 7762 UDP
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-11-21 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-11-21 5248]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-11-19 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-11-19 25160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-15 18816]
R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [2009-11-25 279552]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [2009-11-19 80392]
R2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2009-11-25 25984]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-01-25 27504]
S2 Passwdrenew;Passwdrenew;System32\rnpasswd.exe --> System32\rnpasswd.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1CE6.tmp --> c:\windows\system32\1CE6.tmp [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-11-19 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 119.115.136.62:8080
uInternet Settings,ProxyOverride = <local>
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Menu Start\Programy\IMVU\Run IMVU.lnk
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5090alu2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.astrona.pl/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5090alu2.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
FF - component: c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5090alu2.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-16 18:00
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B807320]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecfc3
\Driver\ACPI -> ACPI.sys @ 0xb7f58cb8
\Driver\atapi -> 0x8b807320
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1CE6.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-861567501-1409082233-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Czas ukończenia: 2010-05-16 18:05:08
ComboFix-quarantined-files.txt 2010-05-16 16:04

Przed: 127 430 139 904 bajtów wolnych
Po: 127 388 823 552 bajtów wolnych

- - End Of File - - 23E5D60688180683673A0FD7051B608D




Jak uruchamiam combofixa to pisze mi ze wykrył rootkita resetuje kompa i dopiero zaczyna prace.

Użytkownik Katarina edytował ten post 16 05 2010 - 19:41

  • 0

#4 ordynat

ordynat

    Zaawansowany użytkownik

  • 804 postów

Napisano 16 05 2010 - 20:00

Tu nie ma nawet najmniejszego śladu Rootkita. Nie ma też żadnej innej infekcji.

Możesz oczywiście dać jeszcze dwa log z > GMER http://www.gmer.net/
na ustawieniach:
1) >>gmer>>Rootkit>>Szukaj>>Kopiuj>>CTRL+V do Notatnika (zapisz gdzieś)
2) >>gmer>>Rootkit>>zaznacz tylko "Usługi" i "Pokaż wszystko">>Szukaj>

Pierwszy log może trwać nawet kilka godzin.
.
  • 0

#5 kuba206

kuba206

    Obserwator

  • 8 postów

Napisano 16 05 2010 - 20:04

nie działa mi ten program ;/ wyskakuje błąd od windowsa i klikam nie wysyłaj
  • 0

#6 ordynat

ordynat

    Zaawansowany użytkownik

  • 804 postów

Napisano 16 05 2010 - 20:13

Jeśli ktoś ma jakiś 'wirtual" ("Daemon Tools", "Alcohol", itp), to
przed uruchomieniem GMER trzeba zrobić najpierw to:
1) użyć >defogger
2) usunąć sterownik SPTD narzędziem SPTDInst z opcji Uninstall (jeśli będzie zszarzałe, to OK).
.
  • 0

#7 kuba206

kuba206

    Obserwator

  • 8 postów

Napisano 16 05 2010 - 22:02

ok robi się. który log przysłać ? bo ten pierwszy chyba będzie długi. czy wkleić 2 na forum ?
  • 0

#8 ordynat

ordynat

    Zaawansowany użytkownik

  • 804 postów

Napisano 16 05 2010 - 22:21

Możesz dać np. w ten sposób:
Log wklej na http://wklejto.pl/, a w poście daj tylko link.(czyli skopiuj adres z paska adresów)
  • 0

#9 kuba206

kuba206

    Obserwator

  • 8 postów

Napisano 16 05 2010 - 23:19

log cały http://wklejto.pl/67370
log usługi http://wklejto.pl/67371
  • 0

#10 ordynat

ordynat

    Zaawansowany użytkownik

  • 804 postów

Napisano 16 05 2010 - 23:34

Pierwszy log nie jest cały, chyba się nie zmieścił.
W tej częsci, która jest - nie ma Rootkita.
Log "usługowy" - nie ma Rootkita.
.
  • 0

#11 kuba206

kuba206

    Obserwator

  • 8 postów

Napisano 17 05 2010 - 00:47

ok to zamieszczam tu na fotum powinien byc cały ;>


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-16 23:17:18
Windows 5.1.2600 Dodatek Service Pack 3
Running: vy6gbm33.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\kxldqpow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwAdjustPrivilegesToken [0xB43FDBDA]
SSDT            8A639580                                                                                                                                    ZwAssignProcessToJobObject
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwConnectPort [0xB43FD1B8]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwCreateFile [0xB43FD840]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwCreateKey [0xB43FE35A]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwCreatePort [0xB43FD09A]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwCreateSection [0xB43FF06A]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwCreateSymbolicLinkObject [0xB43FF302]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwCreateThread [0xB43FCC60]
SSDT            8A63A100                                                                                                                                    ZwDebugActiveProcess
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwDeleteKey [0xB43FDFC4]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwDeleteValueKey [0xB43FE174]
SSDT            8A639B30                                                                                                                                    ZwDuplicateObject
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwLoadDriver [0xB43FECEC]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwMakeTemporaryObject [0xB43FD43C]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwOpenFile [0xB43FDA1C]
SSDT            8A638CC0                                                                                                                                    ZwOpenProcess
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwOpenSection [0xB43FD6CC]
SSDT            8A638FC0                                                                                                                                    ZwOpenThread
SSDT            8A6399C0                                                                                                                                    ZwProtectVirtualMemory
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwRenameKey [0xB43FE720]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwRequestWaitReplyPort [0xB43FF648]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwSecureConnectPort [0xB43FEA88]
SSDT            8A639860                                                                                                                                    ZwSetContextThread
SSDT            8A6396E0                                                                                                                                    ZwSetInformationThread
SSDT            8A636700                                                                                                                                    ZwSetSecurityObject
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwSetSystemInformation [0xB43FEE9A]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwSetValueKey [0xB43FE520]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwShutdownSystem [0xB43FD3D6]
SSDT            8A639420                                                                                                                                    ZwSuspendProcess
SSDT            8A6392C0                                                                                                                                    ZwSuspendThread
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                  ZwSystemDebugControl [0xB43FD5C0]
SSDT            8A638E50                                                                                                                                    ZwTerminateProcess
SSDT            8A639150                                                                                                                                    ZwTerminateThread
SSDT            8A639F50                                                                                                                                    ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2F0C                                                                                                        80504798 4 Bytes  JMP 60E4B43F 
.text           ntkrnlpa.exe!ZwCallbackReturn + 2FB8                                                                                                        80504844 12 Bytes  [20, 94, 63, 8A, C0, 92, 63, ...]
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                    section is writeable [0xB6DD4360, 0x32E00D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!NtAllocateVirtualMemory                                               7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!NtClose                                                               7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!NtCreateFile                                                          7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!NtCreateProcess                                                       7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!NtCreateProcessEx                                                     7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!NtDeleteFile                                                          7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!NtFreeVirtualMemory                                                   7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!NtLoadDriver                                                          7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!NtOpenFile                                                            7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!NtProtectVirtualMemory                                                7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!NtSetInformationProcess                                               7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!NtUnloadDriver                                                        7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!NtWriteVirtualMemory                                                  7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!RtlAllocateHeap                                                       7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!LdrLoadDll                                                            7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!LdrUnloadDll                                                          7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ntdll.dll!LdrGetProcedureAddress                                                7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!CreateFileA                                                        7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!VirtualProtect                                                     7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!LoadLibraryExW                                                     7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!LoadLibraryExA                                                     7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!LoadLibraryA                                                       7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!CreateProcessW                                                     7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!CreateProcessA                                                     7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!GetProcAddress                                                     7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!LoadLibraryW                                                       7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!GetModuleHandleA                                                   7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!GetModuleHandleW                                                   7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!CreateFileW                                                        7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!MoveFileWithProgressW                                              7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!MoveFileW                                                          7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!OpenFile                                                           7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!OpenFile + 3                                                       7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!CopyFileExW                                                        7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!CopyFileA                                                          7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!CopyFileW                                                          7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!DeleteFileA                                                        7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!DeleteFileW                                                        7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!MoveFileExW                                                        7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!MoveFileA                                                          7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!MoveFileWithProgressA                                              7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!MoveFileExA                                                        7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!CopyFileExA                                                        7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!WinExec                                                            7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!LoadModule                                                         7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] USER32.dll!EndTask                                                              7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ADVAPI32.dll!OpenServiceW                                                       77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ADVAPI32.dll!OpenServiceA                                                       77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ADVAPI32.dll!CreateServiceA                                                     77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] ADVAPI32.dll!CreateServiceW                                                     77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] SHELL32.dll!ShellExecuteExW                                                     7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] SHELL32.dll!ShellExecuteEx                                                      7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] SHELL32.dll!ShellExecuteA                                                       7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] SHELL32.dll!ShellExecuteW                                                       7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!NtAllocateVirtualMemory                                                                   7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!NtClose                                                                                   7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!NtCreateFile                                                                              7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!NtCreateProcess                                                                           7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!NtCreateProcessEx                                                                         7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!NtDeleteFile                                                                              7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!NtFreeVirtualMemory                                                                       7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!NtLoadDriver                                                                              7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!NtOpenFile                                                                                7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!NtProtectVirtualMemory                                                                    7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!NtSetInformationProcess                                                                   7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!NtUnloadDriver                                                                            7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!NtWriteVirtualMemory                                                                      7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!RtlAllocateHeap                                                                           7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!LdrLoadDll                                                                                7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!LdrUnloadDll                                                                              7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ntdll.dll!LdrGetProcedureAddress                                                                    7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!CreateFileA                                                                            7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!VirtualProtect                                                                         7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!LoadLibraryExW                                                                         7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!LoadLibraryExA                                                                         7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!LoadLibraryA                                                                           7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!CreateProcessW                                                                         7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!CreateProcessA                                                                         7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!GetProcAddress                                                                         7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!LoadLibraryW                                                                           7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!GetModuleHandleA                                                                       7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!GetModuleHandleW                                                                       7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!CreateFileW                                                                            7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!MoveFileWithProgressW                                                                  7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!MoveFileW                                                                              7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!OpenFile                                                                               7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!OpenFile + 3                                                                           7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!CopyFileExW                                                                            7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!CopyFileA                                                                              7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!CopyFileW                                                                              7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!DeleteFileA                                                                            7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!DeleteFileW                                                                            7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!MoveFileExW                                                                            7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!MoveFileA                                                                              7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!MoveFileWithProgressA                                                                  7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!MoveFileExA                                                                            7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!CopyFileExA                                                                            7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!WinExec                                                                                7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!LoadModule                                                                             7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] USER32.dll!EndTask                                                                                  7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ADVAPI32.dll!OpenServiceW                                                                           77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ADVAPI32.dll!OpenServiceA                                                                           77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ADVAPI32.dll!CreateServiceA                                                                         77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ADVAPI32.dll!CreateServiceW                                                                         77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] SHELL32.dll!ShellExecuteExW                                                                         7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] SHELL32.dll!ShellExecuteEx                                                                          7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] SHELL32.dll!ShellExecuteA                                                                           7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] SHELL32.dll!ShellExecuteW                                                                           7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ole32.dll!CoCreateInstanceEx                                                                        774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Vtune\TBPanel.exe[212] ole32.dll!CoGetClassObject                                                                          775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!NtAllocateVirtualMemory                                                  7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!NtClose                                                                  7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!NtCreateFile                                                             7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!NtCreateProcess                                                          7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!NtCreateProcessEx                                                        7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!NtDeleteFile                                                             7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!NtFreeVirtualMemory                                                      7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!NtLoadDriver                                                             7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!NtOpenFile                                                               7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!NtProtectVirtualMemory                                                   7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!NtSetInformationProcess                                                  7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!NtUnloadDriver                                                           7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!NtWriteVirtualMemory                                                     7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!RtlAllocateHeap                                                          7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!LdrLoadDll                                                               7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!LdrUnloadDll                                                             7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ntdll.dll!LdrGetProcedureAddress                                                   7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!CreateFileA                                                           7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!VirtualProtect                                                        7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!LoadLibraryExW                                                        7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!LoadLibraryExA                                                        7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!LoadLibraryA                                                          7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!CreateProcessW                                                        7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!CreateProcessA                                                        7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!GetProcAddress                                                        7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!LoadLibraryW                                                          7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!GetModuleHandleA                                                      7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!GetModuleHandleW                                                      7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!CreateFileW                                                           7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!MoveFileWithProgressW                                                 7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!MoveFileW                                                             7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!OpenFile                                                              7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!OpenFile + 3                                                          7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!CopyFileExW                                                           7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!CopyFileA                                                             7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!CopyFileW                                                             7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!DeleteFileA                                                           7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!DeleteFileW                                                           7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!MoveFileExW                                                           7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!MoveFileA                                                             7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!MoveFileWithProgressA                                                 7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!SetUnhandledExceptionFilter                                           7C8449FD 4 Bytes  [C2, 04, 00, 00]
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!MoveFileExA                                                           7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!CopyFileExA                                                           7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!WinExec                                                               7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!LoadModule                                                            7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] WS2_32.dll!WSASocketW                                                              71A5404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] WS2_32.dll!WSASocketA                                                              71A58B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ADVAPI32.dll!OpenServiceW                                                          77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ADVAPI32.dll!OpenServiceA                                                          77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ADVAPI32.dll!CreateServiceA                                                        77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ADVAPI32.dll!CreateServiceW                                                        77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] USER32.dll!EndTask                                                                 7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] SHELL32.dll!ShellExecuteExW                                                        7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] SHELL32.dll!ShellExecuteEx                                                         7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] SHELL32.dll!ShellExecuteA                                                          7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] SHELL32.dll!ShellExecuteW                                                          7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ole32.dll!CoCreateInstanceEx                                                       774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] ole32.dll!CoGetClassObject                                                         775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!NtAllocateVirtualMemory                                                        7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!NtClose                                                                        7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!NtCreateFile                                                                   7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!NtCreateProcess                                                                7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!NtCreateProcessEx                                                              7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!NtDeleteFile                                                                   7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!NtFreeVirtualMemory                                                            7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!NtLoadDriver                                                                   7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!NtOpenFile                                                                     7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!NtProtectVirtualMemory                                                         7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!NtSetInformationProcess                                                        7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!NtUnloadDriver                                                                 7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!NtWriteVirtualMemory                                                           7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!RtlAllocateHeap                                                                7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!LdrLoadDll                                                                     7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!LdrUnloadDll                                                                   7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ntdll.dll!LdrGetProcedureAddress                                                         7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!CreateFileA                                                                 7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!VirtualProtect                                                              7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!LoadLibraryExW                                                              7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!LoadLibraryExA                                                              7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!LoadLibraryA                                                                7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!CreateProcessW                                                              7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!CreateProcessA                                                              7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!GetProcAddress                                                              7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!LoadLibraryW                                                                7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!GetModuleHandleA                                                            7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!GetModuleHandleW                                                            7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!CreateFileW                                                                 7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!MoveFileWithProgressW                                                       7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!MoveFileW                                                                   7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!OpenFile                                                                    7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!OpenFile + 3                                                                7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!CopyFileExW                                                                 7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!CopyFileA                                                                   7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!CopyFileW                                                                   7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!DeleteFileA                                                                 7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!DeleteFileW                                                                 7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!MoveFileExW                                                                 7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!MoveFileA                                                                   7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!MoveFileWithProgressA                                                       7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!MoveFileExA                                                                 7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!CopyFileExA                                                                 7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!WinExec                                                                     7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!LoadModule                                                                  7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ADVAPI32.dll!OpenServiceW                                                                77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ADVAPI32.dll!OpenServiceA                                                                77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ADVAPI32.dll!CreateServiceA                                                              77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ADVAPI32.dll!CreateServiceW                                                              77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] USER32.dll!EndTask                                                                       7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ole32.dll!CoCreateInstanceEx                                                             774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] ole32.dll!CoGetClassObject                                                               775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!NtAllocateVirtualMemory                                                               7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!NtClose                                                                               7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!NtCreateFile                                                                          7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!NtCreateProcess                                                                       7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!NtCreateProcessEx                                                                     7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!NtDeleteFile                                                                          7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!NtFreeVirtualMemory                                                                   7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!NtLoadDriver                                                                          7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!NtOpenFile                                                                            7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!NtProtectVirtualMemory                                                                7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!NtSetInformationProcess                                                               7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!NtUnloadDriver                                                                        7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!NtWriteVirtualMemory                                                                  7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!RtlAllocateHeap                                                                       7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!LdrLoadDll                                                                            7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!LdrUnloadDll                                                                          7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ntdll.dll!LdrGetProcedureAddress                                                                7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!CreateFileA                                                                        7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!VirtualProtect                                                                     7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!LoadLibraryExW                                                                     7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!LoadLibraryExA                                                                     7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!LoadLibraryA                                                                       7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!CreateProcessW                                                                     7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!CreateProcessA                                                                     7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!GetProcAddress                                                                     7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!LoadLibraryW                                                                       7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!GetModuleHandleA                                                                   7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!GetModuleHandleW                                                                   7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!CreateFileW                                                                        7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!MoveFileWithProgressW                                                              7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!MoveFileW                                                                          7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!OpenFile                                                                           7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!OpenFile + 3                                                                       7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!CopyFileExW                                                                        7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!CopyFileA                                                                          7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!CopyFileW                                                                          7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!DeleteFileA                                                                        7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!DeleteFileW                                                                        7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!MoveFileExW                                                                        7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!MoveFileA                                                                          7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!MoveFileWithProgressA                                                              7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!MoveFileExA                                                                        7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!CopyFileExA                                                                        7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!WinExec                                                                            7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!LoadModule                                                                         7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] WS2_32.dll!WSASocketW                                                                           71A5404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] WS2_32.dll!WSASocketA                                                                           71A58B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ADVAPI32.dll!OpenServiceW                                                                       77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ADVAPI32.dll!OpenServiceA                                                                       77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ADVAPI32.dll!CreateServiceA                                                                     77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ADVAPI32.dll!CreateServiceW                                                                     77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ole32.dll!CoCreateInstanceEx                                                                    774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] ole32.dll!CoGetClassObject                                                                      775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Java\jre6\bin\jqs.exe[516] USER32.dll!EndTask                                                                              7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!NtAllocateVirtualMemory                                                                      7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!NtClose                                                                                      7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!NtCreateFile                                                                                 7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!NtCreateProcess                                                                              7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!NtCreateProcessEx                                                                            7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!NtDeleteFile                                                                                 7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!NtFreeVirtualMemory                                                                          7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!NtLoadDriver                                                                                 7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!NtOpenFile                                                                                   7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!NtProtectVirtualMemory                                                                       7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!NtSetInformationProcess                                                                      7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!NtUnloadDriver                                                                               7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!NtWriteVirtualMemory                                                                         7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!RtlAllocateHeap                                                                              7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!LdrLoadDll                                                                                   7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!LdrUnloadDll                                                                                 7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ntdll.dll!LdrGetProcedureAddress                                                                       7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!CreateFileA                                                                               7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!VirtualProtect                                                                            7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!LoadLibraryExW                                                                            7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!LoadLibraryExA                                                                            7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!LoadLibraryA                                                                              7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!CreateProcessW                                                                            7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!CreateProcessA                                                                            7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!GetProcAddress                                                                            7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!LoadLibraryW                                                                              7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!GetModuleHandleA                                                                          7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!GetModuleHandleW                                                                          7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!CreateFileW                                                                               7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!MoveFileWithProgressW                                                                     7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!MoveFileW                                                                                 7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!OpenFile                                                                                  7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!OpenFile + 3                                                                              7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!CopyFileExW                                                                               7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!CopyFileA                                                                                 7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!CopyFileW                                                                                 7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!DeleteFileA                                                                               7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!DeleteFileW                                                                               7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!MoveFileExW                                                                               7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!MoveFileA                                                                                 7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!MoveFileWithProgressA                                                                     7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!MoveFileExA                                                                               7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!CopyFileExA                                                                               7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!WinExec                                                                                   7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!LoadModule                                                                                7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] USER32.dll!EndTask                                                                                     7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ADVAPI32.dll!OpenServiceW                                                                              77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ADVAPI32.dll!OpenServiceA                                                                              77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ADVAPI32.dll!CreateServiceA                                                                            77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[540] ADVAPI32.dll!CreateServiceW                                                                            77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!NtAllocateVirtualMemory                                                                     7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!NtClose                                                                                     7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!NtCreateFile                                                                                7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!NtCreateProcess                                                                             7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!NtCreateProcessEx                                                                           7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!NtDeleteFile                                                                                7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!NtFreeVirtualMemory                                                                         7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!NtLoadDriver                                                                                7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!NtOpenFile                                                                                  7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!NtProtectVirtualMemory                                                                      7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!NtSetInformationProcess                                                                     7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!NtUnloadDriver                                                                              7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!NtWriteVirtualMemory                                                                        7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!RtlAllocateHeap                                                                             7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!LdrLoadDll                                                                                  7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!LdrUnloadDll                                                                                7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ntdll.dll!LdrGetProcedureAddress                                                                      7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!CreateFileA                                                                              7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!VirtualProtect                                                                           7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!LoadLibraryExW                                                                           7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!LoadLibraryExA                                                                           7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!LoadLibraryA                                                                             7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!CreateProcessW                                                                           7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!CreateProcessA                                                                           7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!GetProcAddress                                                                           7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!LoadLibraryW                                                                             7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!GetModuleHandleA                                                                         7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!GetModuleHandleW                                                                         7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!CreateFileW                                                                              7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!MoveFileWithProgressW                                                                    7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!MoveFileW                                                                                7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!OpenFile                                                                                 7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!OpenFile + 3                                                                             7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!CopyFileExW                                                                              7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!CopyFileA                                                                                7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!CopyFileW                                                                                7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!DeleteFileA                                                                              7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!DeleteFileW                                                                              7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!MoveFileExW                                                                              7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!MoveFileA                                                                                7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!MoveFileWithProgressA                                                                    7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!MoveFileExA                                                                              7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!CopyFileExA                                                                              7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!WinExec                                                                                  7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!LoadModule                                                                               7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] WS2_32.dll!WSASocketW                                                                                 71A5404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] WS2_32.dll!WSASocketA                                                                                 71A58B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ADVAPI32.dll!OpenServiceW                                                                             77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ADVAPI32.dll!OpenServiceA                                                                             77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ADVAPI32.dll!CreateServiceA                                                                           77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] ADVAPI32.dll!CreateServiceW                                                                           77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\HPZipm12.exe[552] USER32.dll!EndTask                                                                                    7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!NtAllocateVirtualMemory                                                                     7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!NtClose                                                                                     7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!NtCreateFile                                                                                7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!NtCreateProcess                                                                             7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!NtCreateProcessEx                                                                           7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!NtDeleteFile                                                                                7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!NtFreeVirtualMemory                                                                         7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!NtLoadDriver                                                                                7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!NtOpenFile                                                                                  7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!NtProtectVirtualMemory                                                                      7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!NtSetInformationProcess                                                                     7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!NtUnloadDriver                                                                              7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!NtWriteVirtualMemory                                                                        7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!RtlAllocateHeap                                                                             7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!LdrLoadDll                                                                                  7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!LdrUnloadDll                                                                                7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ntdll.dll!LdrGetProcedureAddress                                                                      7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!CreateFileA                                                                              7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!VirtualProtect                                                                           7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!LoadLibraryExW                                                                           7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!LoadLibraryExA                                                                           7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!LoadLibraryA                                                                             7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!CreateProcessW                                                                           7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!CreateProcessA                                                                           7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!GetProcAddress                                                                           7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!LoadLibraryW                                                                             7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!GetModuleHandleA                                                                         7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!GetModuleHandleW                                                                         7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!CreateFileW                                                                              7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!MoveFileWithProgressW                                                                    7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!MoveFileW                                                                                7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!OpenFile                                                                                 7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!OpenFile + 3                                                                             7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!CopyFileExW                                                                              7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!CopyFileA                                                                                7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!CopyFileW                                                                                7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!DeleteFileA                                                                              7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!DeleteFileW                                                                              7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!MoveFileExW                                                                              7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!MoveFileA                                                                                7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!MoveFileWithProgressA                                                                    7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!MoveFileExA                                                                              7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!CopyFileExA                                                                              7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!WinExec                                                                                  7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] kernel32.dll!LoadModule                                                                               7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] USER32.dll!EndTask                                                                                    7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ADVAPI32.dll!OpenServiceW                                                                             77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ADVAPI32.dll!OpenServiceA                                                                             77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ADVAPI32.dll!CreateServiceA                                                                           77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] ADVAPI32.dll!CreateServiceW                                                                           77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] SHELL32.dll!ShellExecuteExW                                                                           7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] SHELL32.dll!ShellExecuteEx                                                                            7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] SHELL32.dll!ShellExecuteA                                                                             7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] SHELL32.dll!ShellExecuteW                                                                             7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] WS2_32.dll!WSASocketW                                                                                 71A5404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\PnkBstrA.exe[584] WS2_32.dll!WSASocketA                                                                                 71A58B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtAllocateVirtualMemory                                                                     7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtClose                                                                                     7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtCreateFile                                                                                7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtCreateProcess                                                                             7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtCreateProcessEx                                                                           7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtDeleteFile                                                                                7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtFreeVirtualMemory                                                                         7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtLoadDriver                                                                                7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtOpenFile                                                                                  7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtProtectVirtualMemory                                                                      7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtSetInformationProcess                                                                     7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtUnloadDriver                                                                              7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtWriteVirtualMemory                                                                        7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!RtlAllocateHeap                                                                             7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!LdrLoadDll                                                                                  7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!LdrUnloadDll                                                                                7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ntdll.dll!LdrGetProcedureAddress                                                                      7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!CreateFileA                                                                              7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!VirtualProtect                                                                           7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!LoadLibraryExW                                                                           7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!LoadLibraryExA                                                                           7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!LoadLibraryA                                                                             7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!CreateProcessW                                                                           7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!CreateProcessA                                                                           7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!GetProcAddress                                                                           7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!LoadLibraryW                                                                             7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!GetModuleHandleA                                                                         7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!GetModuleHandleW                                                                         7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!CreateFileW                                                                              7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!MoveFileWithProgressW                                                                    7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!MoveFileW                                                                                7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!OpenFile                                                                                 7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!OpenFile + 3                                                                             7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!CopyFileExW                                                                              7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!CopyFileA                                                                                7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!CopyFileW                                                                                7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!DeleteFileA                                                                              7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!DeleteFileW                                                                              7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!MoveFileExW                                                                              7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!MoveFileA                                                                                7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!MoveFileWithProgressA                                                                    7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!MoveFileExA                                                                              7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!CopyFileExA                                                                              7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!WinExec                                                                                  7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] kernel32.dll!LoadModule                                                                               7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ADVAPI32.dll!OpenServiceW                                                                             77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ADVAPI32.dll!OpenServiceA                                                                             77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ADVAPI32.dll!CreateServiceA                                                                           77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] ADVAPI32.dll!CreateServiceW                                                                           77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[812] USER32.dll!EndTask                                                                                    7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtAllocateVirtualMemory                                                                        7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtClose                                                                                        7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtCreateFile                                                                                   7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtCreateProcess                                                                                7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtCreateProcessEx                                                                              7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtDeleteFile                                                                                   7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtFreeVirtualMemory                                                                            7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtLoadDriver                                                                                   7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtOpenFile                                                                                     7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtProtectVirtualMemory                                                                         7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtSetInformationProcess                                                                        7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtUnloadDriver                                                                                 7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtWriteVirtualMemory                                                                           7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!RtlAllocateHeap                                                                                7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!LdrLoadDll                                                                                     7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!LdrUnloadDll                                                                                   7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!LdrGetProcedureAddress                                                                         7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!CreateFileA                                                                                 7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!VirtualProtect                                                                              7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!LoadLibraryExW                                                                              7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!LoadLibraryExA                                                                              7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!LoadLibraryA                                                                                7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!CreateProcessW                                                                              7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!CreateProcessA                                                                              7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!GetProcAddress                                                                              7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!LoadLibraryW                                                                                7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!GetModuleHandleA                                                                            7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!GetModuleHandleW                                                                            7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!CreateFileW                                                                                 7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!MoveFileWithProgressW                                                                       7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!MoveFileW                                                                                   7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!OpenFile                                                                                    7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!OpenFile + 3                                                                                7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!CopyFileExW                                                                                 7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!CopyFileA                                                                                   7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!CopyFileW                                                                                   7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!DeleteFileA                                                                                 7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!DeleteFileW                                                                                 7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!MoveFileExW                                                                                 7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!MoveFileA                                                                                   7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!MoveFileWithProgressA                                                                       7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!MoveFileExA                                                                                 7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!CopyFileExA                                                                                 7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!WinExec                                                                                     7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!LoadModule                                                                                  7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ADVAPI32.dll!OpenServiceW                                                                                77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ADVAPI32.dll!OpenServiceA                                                                                77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ADVAPI32.dll!CreateServiceA                                                                              77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ADVAPI32.dll!CreateServiceW                                                                              77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] USER32.dll!EndTask                                                                                       7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] WS2_32.dll!WSASocketW                                                                                    71A5404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] WS2_32.dll!WSASocketA                                                                                    71A58B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ole32.dll!CoCreateInstanceEx                                                                             774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] ole32.dll!CoGetClassObject                                                                               775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] SHELL32.dll!ShellExecuteExW                                                                              7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] SHELL32.dll!ShellExecuteEx                                                                               7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] SHELL32.dll!ShellExecuteA                                                                                7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[824] SHELL32.dll!ShellExecuteW                                                                                7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtAllocateVirtualMemory                                                                     7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtClose                                                                                     7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateFile                                                                                7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateProcess                                                                             7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtCreateProcessEx                                                                           7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtDeleteFile                                                                                7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtFreeVirtualMemory                                                                         7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtLoadDriver                                                                                7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtOpenFile                                                                                  7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtProtectVirtualMemory                                                                      7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtSetInformationProcess                                                                     7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtUnloadDriver                                                                              7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtWriteVirtualMemory                                                                        7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!RtlAllocateHeap                                                                             7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll                                                                                  7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll                                                                                7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrGetProcedureAddress                                                                      7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateFileA                                                                              7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualProtect                                                                           7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExW                                                                           7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExA                                                                           7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryA                                                                             7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessW                                                                           7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessA                                                                           7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetProcAddress                                                                           7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryW                                                                             7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetModuleHandleA                                                                         7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetModuleHandleW                                                                         7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateFileW                                                                              7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileWithProgressW                                                                    7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileW                                                                                7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!OpenFile                                                                                 7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!OpenFile + 3                                                                             7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileExW                                                                              7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileA                                                                                7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileW                                                                                7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!DeleteFileA                                                                              7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!DeleteFileW                                                                              7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileExW                                                                              7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileA                                                                                7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileWithProgressA                                                                    7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileExA                                                                              7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileExA                                                                              7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!WinExec                                                                                  7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadModule                                                                               7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!OpenServiceW                                                                             77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!OpenServiceA                                                                             77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceA                                                                           77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceW                                                                           77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!EndTask                                                                                    7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ole32.dll!CoCreateInstanceEx                                                                          774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] ole32.dll!CoGetClassObject                                                                            775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] SHELL32.dll!ShellExecuteExW                                                                           7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] SHELL32.dll!ShellExecuteEx                                                                            7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] SHELL32.dll!ShellExecuteA                                                                             7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1000] SHELL32.dll!ShellExecuteW                                                                             7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtAllocateVirtualMemory                                                                     7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtClose                                                                                     7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtCreateFile                                                                                7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtCreateProcess                                                                             7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtCreateProcessEx                                                                           7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtDeleteFile                                                                                7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtFreeVirtualMemory                                                                         7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtLoadDriver                                                                                7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtOpenFile                                                                                  7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtProtectVirtualMemory                                                                      7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtSetInformationProcess                                                                     7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtUnloadDriver                                                                              7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtWriteVirtualMemory                                                                        7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!RtlAllocateHeap                                                                             7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrLoadDll                                                                                  7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrUnloadDll                                                                                7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrGetProcedureAddress                                                                      7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateFileA                                                                              7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtect                                                                           7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExW                                                                           7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExA                                                                           7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryA                                                                             7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessW                                                                           7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessA                                                                           7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetProcAddress                                                                           7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryW                                                                             7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetModuleHandleA                                                                         7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetModuleHandleW                                                                         7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateFileW                                                                              7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!MoveFileWithProgressW                                                                    7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!MoveFileW                                                                                7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!OpenFile                                                                                 7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!OpenFile + 3                                                                             7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CopyFileExW                                                                              7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CopyFileA                                                                                7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CopyFileW                                                                                7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!DeleteFileA                                                                              7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!DeleteFileW                                                                              7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!MoveFileExW                                                                              7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!MoveFileA                                                                                7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!MoveFileWithProgressA                                                                    7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!MoveFileExA                                                                              7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CopyFileExA                                                                              7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!WinExec                                                                                  7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadModule                                                                               7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!OpenServiceW                                                                             77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!OpenServiceA                                                                             77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceA                                                                           77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceW                                                                           77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!EndTask                                                                                    7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ole32.dll!CoCreateInstanceEx                                                                          774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] ole32.dll!CoGetClassObject                                                                            775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] SHELL32.dll!ShellExecuteExW                                                                           7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] SHELL32.dll!ShellExecuteEx                                                                            7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] SHELL32.dll!ShellExecuteA                                                                             7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1028] SHELL32.dll!ShellExecuteW                                                                             7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtAllocateVirtualMemory                                                                     7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtClose                                                                                     7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtCreateFile                                                                                7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtCreateProcess                                                                             7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtCreateProcessEx                                                                           7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtDeleteFile                                                                                7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtFreeVirtualMemory                                                                         7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtLoadDriver                                                                                7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtOpenFile                                                                                  7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtProtectVirtualMemory                                                                      7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtSetInformationProcess                                                                     7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtUnloadDriver                                                                              7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtWriteVirtualMemory                                                                        7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!RtlAllocateHeap                                                                             7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!LdrLoadDll                                                                                  7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!LdrUnloadDll                                                                                7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!LdrGetProcedureAddress                                                                      7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileA                                                                              7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtect                                                                           7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW                                                                           7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExA                                                                           7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA                                                                             7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessW                                                                           7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessA                                                                           7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetProcAddress                                                                           7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryW                                                                             7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetModuleHandleA                                                                         7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetModuleHandleW                                                                         7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileW                                                                              7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!MoveFileWithProgressW                                                                    7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!MoveFileW                                                                                7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!OpenFile                                                                                 7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!OpenFile + 3                                                                             7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CopyFileExW                                                                              7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CopyFileA                                                                                7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CopyFileW                                                                                7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!DeleteFileA                                                                              7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!DeleteFileW                                                                              7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!MoveFileExW                                                                              7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!MoveFileA                                                                                7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!MoveFileWithProgressA                                                                    7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!MoveFileExA                                                                              7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CopyFileExA                                                                              7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!WinExec                                                                                  7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadModule                                                                               7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!OpenServiceW                                                                             77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!OpenServiceA                                                                             77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA                                                                           77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceW                                                                           77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!EndTask                                                                                    7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ole32.dll!CoCreateInstanceEx                                                                          774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] ole32.dll!CoGetClassObject                                                                            775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] SHELL32.dll!ShellExecuteExW                                                                           7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] SHELL32.dll!ShellExecuteEx                                                                            7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] SHELL32.dll!ShellExecuteA                                                                             7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1068] SHELL32.dll!ShellExecuteW                                                                             7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1164] ntdll.dll!NtAllocateVirtualMemory                                       7C90CF50 5 Bytes  JMP 0040FD50 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtAllocateVirtualMemory                                                                     7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtClose                                                                                     7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtCreateFile                                                                                7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtCreateProcess                                                                             7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtCreateProcessEx                                                                           7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtDeleteFile                                                                                7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtFreeVirtualMemory                                                                         7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtLoadDriver                                                                                7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtOpenFile                                                                                  7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtProtectVirtualMemory                                                                      7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtSetInformationProcess                                                                     7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtUnloadDriver                                                                              7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtWriteVirtualMemory                                                                        7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!RtlAllocateHeap                                                                             7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrLoadDll                                                                                  7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrUnloadDll                                                                                7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrGetProcedureAddress                                                                      7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateFileA                                                                              7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!VirtualProtect                                                                           7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryExW                                                                           7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryExA                                                                           7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryA                                                                             7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessW                                                                           7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessA                                                                           7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetProcAddress                                                                           7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryW                                                                             7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetModuleHandleA                                                                         7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetModuleHandleW                                                                         7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateFileW                                                                              7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileWithProgressW                                                                    7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileW                                                                                7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!OpenFile                                                                                 7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!OpenFile + 3                                                                             7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CopyFileExW                                                                              7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CopyFileA                                                                                7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CopyFileW                                                                                7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!DeleteFileA                                                                              7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!DeleteFileW                                                                              7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileExW                                                                              7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileA                                                                                7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileWithProgressA                                                                    7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileExA                                                                              7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CopyFileExA                                                                              7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!WinExec                                                                                  7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadModule                                                                               7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!OpenServiceW                                                                             77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!OpenServiceA                                                                             77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CreateServiceA                                                                           77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CreateServiceW                                                                           77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!EndTask                                                                                    7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ole32.dll!CoCreateInstanceEx                                                                          774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] ole32.dll!CoGetClassObject                                                                            775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] SHELL32.dll!ShellExecuteExW                                                                           7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] SHELL32.dll!ShellExecuteEx                                                                            7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] SHELL32.dll!ShellExecuteA                                                                             7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1188] SHELL32.dll!ShellExecuteW                                                                             7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtAllocateVirtualMemory                                                                     7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtClose                                                                                     7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtCreateFile                                                                                7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtCreateProcess                                                                             7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtCreateProcessEx                                                                           7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtDeleteFile                                                                                7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtFreeVirtualMemory                                                                         7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtLoadDriver                                                                                7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtOpenFile                                                                                  7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtProtectVirtualMemory                                                                      7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtSetInformationProcess                                                                     7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtUnloadDriver                                                                              7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtWriteVirtualMemory                                                                        7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!RtlAllocateHeap                                                                             7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!LdrLoadDll                                                                                  7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!LdrUnloadDll                                                                                7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!LdrGetProcedureAddress                                                                      7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateFileA                                                                              7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtect                                                                           7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExW                                                                           7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExA                                                                           7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryA                                                                             7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessW                                                                           7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessA                                                                           7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetProcAddress                                                                           7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryW                                                                             7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetModuleHandleA                                                                         7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetModuleHandleW                                                                         7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateFileW                                                                              7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!MoveFileWithProgressW                                                                    7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!MoveFileW                                                                                7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!OpenFile                                                                                 7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!OpenFile + 3                                                                             7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CopyFileExW                                                                              7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CopyFileA                                                                                7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CopyFileW                                                                                7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!DeleteFileA                                                                              7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!DeleteFileW                                                                              7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!MoveFileExW                                                                              7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!MoveFileA                                                                                7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!MoveFileWithProgressA                                                                    7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!MoveFileExA                                                                              7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CopyFileExA                                                                              7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WinExec                                                                                  7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadModule                                                                               7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!OpenServiceW                                                                             77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!OpenServiceA                                                                             77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!CreateServiceA                                                                           77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!CreateServiceW                                                                           77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!EndTask                                                                                    7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ole32.dll!CoCreateInstanceEx                                                                          774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] ole32.dll!CoGetClassObject                                                                            775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] SHELL32.dll!ShellExecuteExW                                                                           7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] SHELL32.dll!ShellExecuteEx                                                                            7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] SHELL32.dll!ShellExecuteA                                                                             7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1344] SHELL32.dll!ShellExecuteW                                                                             7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtAllocateVirtualMemory                                                                     7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtClose                                                                                     7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtCreateFile                                                                                7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtCreateProcess                                                                             7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtCreateProcessEx                                                                           7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtDeleteFile                                                                                7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtFreeVirtualMemory                                                                         7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtLoadDriver                                                                                7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtOpenFile                                                                                  7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtProtectVirtualMemory                                                                      7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtSetInformationProcess                                                                     7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtUnloadDriver                                                                              7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtWriteVirtualMemory                                                                        7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!RtlAllocateHeap                                                                             7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrLoadDll                                                                                  7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrUnloadDll                                                                                7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrGetProcedureAddress                                                                      7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateFileA                                                                              7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!VirtualProtect                                                                           7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryExW                                                                           7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryExA                                                                           7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryA                                                                             7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateProcessW                                                                           7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateProcessA                                                                           7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetProcAddress                                                                           7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryW                                                                             7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetModuleHandleA                                                                         7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetModuleHandleW                                                                         7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateFileW                                                                              7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!MoveFileWithProgressW                                                                    7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!MoveFileW                                                                                7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!OpenFile                                                                                 7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!OpenFile + 3                                                                             7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CopyFileExW                                                                              7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CopyFileA                                                                                7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CopyFileW                                                                                7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!DeleteFileA                                                                              7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!DeleteFileW                                                                              7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!MoveFileExW                                                                              7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!MoveFileA                                                                                7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!MoveFileWithProgressA                                                                    7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!MoveFileExA                                                                              7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CopyFileExA                                                                              7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!WinExec                                                                                  7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadModule                                                                               7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!OpenServiceW                                                                             77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!OpenServiceA                                                                             77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceA                                                                           77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceW                                                                           77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!EndTask                                                                                    7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ole32.dll!CoCreateInstanceEx                                                                          774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] ole32.dll!CoGetClassObject                                                                            775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] SHELL32.dll!ShellExecuteExW                                                                           7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] SHELL32.dll!ShellExecuteEx                                                                            7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] SHELL32.dll!ShellExecuteA                                                                             7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1412] SHELL32.dll!ShellExecuteW                                                                             7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!NtAllocateVirtualMemory                                                                     7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!NtClose                                                                                     7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!NtCreateFile                                                                                7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!NtCreateProcess                                                                             7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!NtCreateProcessEx                                                                           7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!NtDeleteFile                                                                                7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!NtFreeVirtualMemory                                                                         7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!NtLoadDriver                                                                                7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!NtOpenFile                                                                                  7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!NtProtectVirtualMemory                                                                      7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!NtSetInformationProcess                                                                     7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!NtUnloadDriver                                                                              7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!NtWriteVirtualMemory                                                                        7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!RtlAllocateHeap                                                                             7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!LdrLoadDll                                                                                  7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!LdrUnloadDll                                                                                7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ntdll.dll!LdrGetProcedureAddress                                                                      7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!CreateFileA                                                                              7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!VirtualProtect                                                                           7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!LoadLibraryExW                                                                           7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!LoadLibraryExA                                                                           7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!LoadLibraryA                                                                             7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!CreateProcessW                                                                           7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!CreateProcessA                                                                           7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!GetProcAddress                                                                           7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!LoadLibraryW                                                                             7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!GetModuleHandleA                                                                         7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!GetModuleHandleW                                                                         7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!CreateFileW                                                                              7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!MoveFileWithProgressW                                                                    7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!MoveFileW                                                                                7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!OpenFile                                                                                 7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!OpenFile + 3                                                                             7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!CopyFileExW                                                                              7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!CopyFileA                                                                                7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!CopyFileW                                                                                7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!DeleteFileA                                                                              7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!DeleteFileW                                                                              7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!MoveFileExW                                                                              7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!MoveFileA                                                                                7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!MoveFileWithProgressA                                                                    7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!MoveFileExA                                                                              7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!CopyFileExA                                                                              7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!WinExec                                                                                  7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!LoadModule                                                                               7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ADVAPI32.dll!OpenServiceW                                                                             77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ADVAPI32.dll!OpenServiceA                                                                             77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ADVAPI32.dll!CreateServiceA                                                                           77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ADVAPI32.dll!CreateServiceW                                                                           77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] USER32.dll!EndTask                                                                                    7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ole32.dll!CoCreateInstanceEx                                                                          774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] ole32.dll!CoGetClassObject                                                                            775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] SHELL32.dll!ShellExecuteExW                                                                           7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] SHELL32.dll!ShellExecuteEx                                                                            7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] SHELL32.dll!ShellExecuteA                                                                             7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1536] SHELL32.dll!ShellExecuteW                                                                             7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!NtAllocateVirtualMemory                                                                             7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!NtClose                                                                                             7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!NtCreateFile                                                                                        7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!NtCreateProcess                                                                                     7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!NtCreateProcessEx                                                                                   7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!NtDeleteFile                                                                                        7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!NtFreeVirtualMemory                                                                                 7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!NtLoadDriver                                                                                        7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!NtOpenFile                                                                                          7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!NtProtectVirtualMemory                                                                              7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!NtSetInformationProcess                                                                             7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!NtUnloadDriver                                                                                      7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!NtWriteVirtualMemory                                                                                7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!RtlAllocateHeap                                                                                     7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!LdrLoadDll                                                                                          7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!LdrUnloadDll                                                                                        7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!LdrGetProcedureAddress                                                                              7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CreateFileA                                                                                      7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!VirtualProtect                                                                                   7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!LoadLibraryExW                                                                                   7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!LoadLibraryExA                                                                                   7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!LoadLibraryA                                                                                     7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CreateProcessW                                                                                   7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CreateProcessA                                                                                   7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!LoadLibraryW                                                                                     7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!GetModuleHandleA                                                                                 7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!GetModuleHandleW                                                                                 7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CreateFileW                                                                                      7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!MoveFileWithProgressW                                                                            7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!MoveFileW                                                                                        7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!OpenFile                                                                                         7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!OpenFile + 3                                                                                     7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CopyFileExW                                                                                      7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CopyFileA                                                                                        7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CopyFileW                                                                                        7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!DeleteFileA                                                                                      7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!DeleteFileW                                                                                      7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!MoveFileExW                                                                                      7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!MoveFileA                                                                                        7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!MoveFileWithProgressA                                                                            7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!MoveFileExA                                                                                      7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CopyFileExA                                                                                      7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!WinExec                                                                                          7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!LoadModule                                                                                       7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ADVAPI32.dll!OpenServiceW                                                                                     77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ADVAPI32.dll!OpenServiceA                                                                                     77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ADVAPI32.dll!CreateServiceA                                                                                   77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ADVAPI32.dll!CreateServiceW                                                                                   77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] USER32.dll!EndTask                                                                                            7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ole32.dll!CoCreateInstanceEx                                                                                  774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] ole32.dll!CoGetClassObject                                                                                    775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] WININET.dll!InternetConnectA                                                                                  771B3452 5 Bytes  JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] WININET.dll!InternetConnectW                                                                                  771BEE00 5 Bytes  JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] SHELL32.dll!ShellExecuteExW                                                                                   7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] SHELL32.dll!ShellExecuteEx                                                                                    7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] SHELL32.dll!ShellExecuteA                                                                                     7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1916] SHELL32.dll!ShellExecuteW                                                                                     7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!NtAllocateVirtualMemory                                          7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!NtClose                                                          7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!NtCreateFile                                                     7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!NtCreateProcess                                                  7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!NtCreateProcessEx                                                7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!NtDeleteFile                                                     7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!NtFreeVirtualMemory                                              7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!NtLoadDriver                                                     7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!NtOpenFile                                                       7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!NtProtectVirtualMemory                                           7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!NtSetInformationProcess                                          7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!NtUnloadDriver                                                   7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!NtWriteVirtualMemory                                             7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!RtlAllocateHeap                                                  7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!LdrLoadDll                                                       7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!LdrUnloadDll                                                     7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ntdll.dll!LdrGetProcedureAddress                                           7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!CreateFileA                                                   7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!VirtualProtect                                                7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!LoadLibraryExW                                                7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!LoadLibraryExA                                                7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!LoadLibraryA                                                  7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!CreateProcessW                                                7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!CreateProcessA                                                7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!GetProcAddress                                                7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!LoadLibraryW                                                  7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!GetModuleHandleA                                              7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!GetModuleHandleW                                              7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!CreateFileW                                                   7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!MoveFileWithProgressW                                         7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!MoveFileW                                                     7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!OpenFile                                                      7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!OpenFile + 3                                                  7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!CopyFileExW                                                   7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!CopyFileA                                                     7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!CopyFileW                                                     7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!DeleteFileA                                                   7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!DeleteFileW                                                   7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!MoveFileExW                                                   7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!MoveFileA                                                     7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!MoveFileWithProgressA                                         7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!MoveFileExA                                                   7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!CopyFileExA                                                   7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!WinExec                                                       7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!LoadModule                                                    7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ADVAPI32.dll!OpenServiceW                                                  77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ADVAPI32.dll!OpenServiceA                                                  77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ADVAPI32.dll!CreateServiceA                                                77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ADVAPI32.dll!CreateServiceW                                                77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] USER32.dll!EndTask                                                         7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] WININET.dll!InternetConnectA                                               771B3452 5 Bytes  JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] WININET.dll!InternetConnectW                                               771BEE00 5 Bytes  JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ole32.dll!CoCreateInstanceEx                                               774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] ole32.dll!CoGetClassObject                                                 775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] SHELL32.dll!ShellExecuteExW                                                7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] SHELL32.dll!ShellExecuteEx                                                 7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] SHELL32.dll!ShellExecuteA                                                  7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] SHELL32.dll!ShellExecuteW                                                  7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!NtAllocateVirtualMemory                                                                              7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!NtClose                                                                                              7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!NtCreateFile                                                                                         7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!NtCreateProcess                                                                                      7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!NtCreateProcessEx                                                                                    7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!NtDeleteFile                                                                                         7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!NtFreeVirtualMemory                                                                                  7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!NtLoadDriver                                                                                         7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!NtOpenFile                                                                                           7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!NtProtectVirtualMemory                                                                               7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!NtSetInformationProcess                                                                              7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!NtUnloadDriver                                                                                       7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!NtWriteVirtualMemory                                                                                 7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!RtlAllocateHeap                                                                                      7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!LdrLoadDll                                                                                           7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!LdrUnloadDll                                                                                         7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ntdll.dll!LdrGetProcedureAddress                                                                               7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!CreateFileA                                                                                       7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!VirtualProtect                                                                                    7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!LoadLibraryExW                                                                                    7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!LoadLibraryExA                                                                                    7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!LoadLibraryA                                                                                      7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!CreateProcessW                                                                                    7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!CreateProcessA                                                                                    7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!GetProcAddress                                                                                    7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!LoadLibraryW                                                                                      7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!GetModuleHandleA                                                                                  7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!GetModuleHandleW                                                                                  7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!CreateFileW                                                                                       7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!MoveFileWithProgressW                                                                             7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!MoveFileW                                                                                         7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!OpenFile                                                                                          7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!OpenFile + 3                                                                                      7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!CopyFileExW                                                                                       7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!CopyFileA                                                                                         7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!CopyFileW                                                                                         7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!DeleteFileA                                                                                       7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!DeleteFileW                                                                                       7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!MoveFileExW                                                                                       7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!MoveFileA                                                                                         7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!MoveFileWithProgressA                                                                             7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!MoveFileExA                                                                                       7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!CopyFileExA                                                                                       7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!WinExec                                                                                           7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!LoadModule                                                                                        7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ADVAPI32.dll!OpenServiceW                                                                                      77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ADVAPI32.dll!OpenServiceA                                                                                      77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ADVAPI32.dll!CreateServiceA                                                                                    77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ADVAPI32.dll!CreateServiceW                                                                                    77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ole32.dll!CoCreateInstanceEx                                                                                   774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] ole32.dll!CoGetClassObject                                                                                     775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] USER32.dll!EndTask                                                                                             7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] SHELL32.dll!ShellExecuteExW                                                                                    7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] SHELL32.dll!ShellExecuteEx                                                                                     7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] SHELL32.dll!ShellExecuteA                                                                                      7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\RTHDCPL.EXE[1980] SHELL32.dll!ShellExecuteW                                                                                      7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!NtAllocateVirtualMemory                                                                    7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!NtClose                                                                                    7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!NtCreateFile                                                                               7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!NtCreateProcess                                                                            7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!NtCreateProcessEx                                                                          7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!NtDeleteFile                                                                               7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!NtFreeVirtualMemory                                                                        7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!NtLoadDriver                                                                               7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!NtOpenFile                                                                                 7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!NtProtectVirtualMemory                                                                     7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!NtSetInformationProcess                                                                    7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!NtUnloadDriver                                                                             7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!NtWriteVirtualMemory                                                                       7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!RtlAllocateHeap                                                                            7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!LdrLoadDll                                                                                 7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!LdrUnloadDll                                                                               7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ntdll.dll!LdrGetProcedureAddress                                                                     7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!CreateFileA                                                                             7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!VirtualProtect                                                                          7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!LoadLibraryExW                                                                          7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!LoadLibraryExA                                                                          7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!LoadLibraryA                                                                            7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!CreateProcessW                                                                          7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!CreateProcessA                                                                          7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!GetProcAddress                                                                          7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!LoadLibraryW                                                                            7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!GetModuleHandleA                                                                        7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!GetModuleHandleW                                                                        7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!CreateFileW                                                                             7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!MoveFileWithProgressW                                                                   7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!MoveFileW                                                                               7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!OpenFile                                                                                7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!OpenFile + 3                                                                            7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!CopyFileExW                                                                             7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!CopyFileA                                                                               7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!CopyFileW                                                                               7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!DeleteFileA                                                                             7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!DeleteFileW                                                                             7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!MoveFileExW                                                                             7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!MoveFileA                                                                               7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!MoveFileWithProgressA                                                                   7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!MoveFileExA                                                                             7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!CopyFileExA                                                                             7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!WinExec                                                                                 7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!LoadModule                                                                              7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] USER32.dll!EndTask                                                                                   7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ADVAPI32.dll!OpenServiceW                                                                            77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ADVAPI32.dll!OpenServiceA                                                                            77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ADVAPI32.dll!CreateServiceA                                                                          77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ADVAPI32.dll!CreateServiceW                                                                          77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ole32.dll!CoCreateInstanceEx                                                                         774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] ole32.dll!CoGetClassObject                                                                           775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] SHELL32.dll!ShellExecuteExW                                                                          7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] SHELL32.dll!ShellExecuteEx                                                                           7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] SHELL32.dll!ShellExecuteA                                                                            7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\RUNDLL32.EXE[2016] SHELL32.dll!ShellExecuteW                                                                            7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!NtAllocateVirtualMemory                                                 7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!NtClose                                                                 7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!NtCreateFile                                                            7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!NtCreateProcess                                                         7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!NtCreateProcessEx                                                       7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!NtDeleteFile                                                            7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!NtFreeVirtualMemory                                                     7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!NtLoadDriver                                                            7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!NtOpenFile                                                              7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!NtProtectVirtualMemory                                                  7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!NtSetInformationProcess                                                 7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!NtUnloadDriver                                                          7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!NtWriteVirtualMemory                                                    7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!RtlAllocateHeap                                                         7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!LdrLoadDll                                                              7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!LdrUnloadDll                                                            7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ntdll.dll!LdrGetProcedureAddress                                                  7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!CreateFileA                                                          7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!VirtualProtect                                                       7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!LoadLibraryExW                                                       7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!LoadLibraryExA                                                       7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!LoadLibraryA                                                         7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!CreateProcessW                                                       7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!CreateProcessA                                                       7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!GetProcAddress                                                       7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!LoadLibraryW                                                         7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!GetModuleHandleA                                                     7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!GetModuleHandleW                                                     7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!CreateFileW                                                          7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!MoveFileWithProgressW                                                7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!MoveFileW                                                            7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!OpenFile                                                             7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!OpenFile + 3                                                         7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!CopyFileExW                                                          7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!CopyFileA                                                            7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!CopyFileW                                                            7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!DeleteFileA                                                          7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!DeleteFileW                                                          7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!MoveFileExW                                                          7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!MoveFileA                                                            7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!MoveFileWithProgressA                                                7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!MoveFileExA                                                          7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!CopyFileExA                                                          7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!WinExec                                                              7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!LoadModule                                                           7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] USER32.dll!EndTask                                                                7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ADVAPI32.dll!OpenServiceW                                                         77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ADVAPI32.dll!OpenServiceA                                                         77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ADVAPI32.dll!CreateServiceA                                                       77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ADVAPI32.dll!CreateServiceW                                                       77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] SHELL32.dll!ShellExecuteExW                                                       7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] SHELL32.dll!ShellExecuteEx                                                        7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] SHELL32.dll!ShellExecuteA                                                         7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] SHELL32.dll!ShellExecuteW                                                         7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ole32.dll!CoCreateInstanceEx                                                      774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] ole32.dll!CoGetClassObject                                                        775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] ntdll.dll!NtAllocateVirtualMemory                                            7C90CF50 5 Bytes  JMP 0050E060 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!NtAllocateVirtualMemory                                                               7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!NtClose                                                                               7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!NtCreateFile                                                                          7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!NtCreateProcess                                                                       7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!NtCreateProcessEx                                                                     7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!NtDeleteFile                                                                          7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!NtFreeVirtualMemory                                                                   7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!NtLoadDriver                                                                          7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!NtOpenFile                                                                            7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!NtProtectVirtualMemory                                                                7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!NtSetInformationProcess                                                               7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!NtUnloadDriver                                                                        7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!NtWriteVirtualMemory                                                                  7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!RtlAllocateHeap                                                                       7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!LdrLoadDll                                                                            7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!LdrUnloadDll                                                                          7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ntdll.dll!LdrGetProcedureAddress                                                                7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!CreateFileA                                                                        7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!VirtualProtect                                                                     7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!LoadLibraryExW                                                                     7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!LoadLibraryExA                                                                     7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!LoadLibraryA                                                                       7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!CreateProcessW                                                                     7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!CreateProcessA                                                                     7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!GetProcAddress                                                                     7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!LoadLibraryW                                                                       7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!GetModuleHandleA                                                                   7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!GetModuleHandleW                                                                   7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!CreateFileW                                                                        7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!MoveFileWithProgressW                                                              7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!MoveFileW                                                                          7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!OpenFile                                                                           7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!OpenFile + 3                                                                       7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!CopyFileExW                                                                        7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!CopyFileA                                                                          7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!CopyFileW                                                                          7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!DeleteFileA                                                                        7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!DeleteFileW                                                                        7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!MoveFileExW                                                                        7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!MoveFileA                                                                          7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!MoveFileWithProgressA                                                              7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!MoveFileExA                                                                        7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!CopyFileExA                                                                        7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!WinExec                                                                            7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!LoadModule                                                                         7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ADVAPI32.dll!OpenServiceW                                                                       77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ADVAPI32.dll!OpenServiceA                                                                       77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ADVAPI32.dll!CreateServiceA                                                                     77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ADVAPI32.dll!CreateServiceW                                                                     77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] USER32.dll!EndTask                                                                              7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ole32.dll!CoCreateInstanceEx                                                                    774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] ole32.dll!CoGetClassObject                                                                      775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] SHELL32.dll!ShellExecuteExW                                                                     7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] SHELL32.dll!ShellExecuteEx                                                                      7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] SHELL32.dll!ShellExecuteA                                                                       7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] SHELL32.dll!ShellExecuteW                                                                       7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!NtAllocateVirtualMemory                                                                     7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!NtClose                                                                                     7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!NtCreateFile                                                                                7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!NtCreateProcess                                                                             7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!NtCreateProcessEx                                                                           7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!NtDeleteFile                                                                                7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!NtFreeVirtualMemory                                                                         7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!NtLoadDriver                                                                                7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!NtOpenFile                                                                                  7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!NtProtectVirtualMemory                                                                      7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!NtSetInformationProcess                                                                     7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!NtUnloadDriver                                                                              7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!NtWriteVirtualMemory                                                                        7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!RtlAllocateHeap                                                                             7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!LdrLoadDll                                                                                  7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!LdrUnloadDll                                                                                7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!LdrGetProcedureAddress                                                                      7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!CreateFileA                                                                              7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!VirtualProtect                                                                           7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!LoadLibraryExW                                                                           7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!LoadLibraryExA                                                                           7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!LoadLibraryA                                                                             7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!CreateProcessW                                                                           7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!CreateProcessA                                                                           7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!GetProcAddress                                                                           7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!LoadLibraryW                                                                             7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!GetModuleHandleA                                                                         7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!GetModuleHandleW                                                                         7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!CreateFileW                                                                              7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!MoveFileWithProgressW                                                                    7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!MoveFileW                                                                                7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!OpenFile                                                                                 7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!OpenFile + 3                                                                             7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!CopyFileExW                                                                              7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!CopyFileA                                                                                7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!CopyFileW                                                                                7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!DeleteFileA                                                                              7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!DeleteFileW                                                                              7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!MoveFileExW                                                                              7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!MoveFileA                                                                                7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!MoveFileWithProgressA                                                                    7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!MoveFileExA                                                                              7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!CopyFileExA                                                                              7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!WinExec                                                                                  7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!LoadModule                                                                               7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] USER32.dll!EndTask                                                                                    7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] SHELL32.dll!ShellExecuteExW                                                                           7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] SHELL32.dll!ShellExecuteEx                                                                            7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] SHELL32.dll!ShellExecuteA                                                                             7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] SHELL32.dll!ShellExecuteW                                                                             7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ADVAPI32.dll!OpenServiceW                                                                             77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ADVAPI32.dll!OpenServiceA                                                                             77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ADVAPI32.dll!CreateServiceA                                                                           77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wscntfy.exe[2432] ADVAPI32.dll!CreateServiceW                                                                           77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!NtAllocateVirtualMemory                      7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!NtClose                                      7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!NtCreateFile                                 7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!NtCreateProcess                              7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!NtCreateProcessEx                            7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!NtDeleteFile                                 7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!NtFreeVirtualMemory                          7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!NtLoadDriver                                 7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!NtOpenFile                                   7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!NtProtectVirtualMemory                       7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!NtSetInformationProcess                      7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!NtUnloadDriver                               7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!NtWriteVirtualMemory                         7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!RtlAllocateHeap                              7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!LdrLoadDll                                   7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!LdrUnloadDll                                 7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ntdll.dll!LdrGetProcedureAddress                       7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!CreateFileA                               7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!VirtualProtect                            7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!LoadLibraryExW                            7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!LoadLibraryExA                            7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!LoadLibraryA                              7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!CreateProcessW                            7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!CreateProcessA                            7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!GetProcAddress                            7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!LoadLibraryW                              7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!GetModuleHandleA                          7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!GetModuleHandleW                          7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!CreateFileW                               7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!MoveFileWithProgressW                     7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!MoveFileW                                 7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!OpenFile                                  7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!OpenFile + 3                              7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!CopyFileExW                               7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!CopyFileA                                 7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!CopyFileW                                 7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!DeleteFileA                               7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!DeleteFileW                               7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!MoveFileExW                               7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!MoveFileA                                 7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!MoveFileWithProgressA                     7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!MoveFileExA                               7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!CopyFileExA                               7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!WinExec                                   7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] kernel32.dll!LoadModule                                7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ADVAPI32.dll!OpenServiceW                              77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ADVAPI32.dll!OpenServiceA                              77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ADVAPI32.dll!CreateServiceA                            77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] ADVAPI32.dll!CreateServiceW                            77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] USER32.dll!EndTask                                     7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] shell32.dll!ShellExecuteExW                            7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] shell32.dll!ShellExecuteEx                             7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] shell32.dll!ShellExecuteA                              7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\vy6gbm33.exe[2496] shell32.dll!ShellExecuteW                              7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!NtAllocateVirtualMemory                                                                         7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!NtClose                                                                                         7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!NtCreateFile                                                                                    7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!NtCreateProcess                                                                                 7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!NtCreateProcessEx                                                                               7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!NtDeleteFile                                                                                    7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!NtFreeVirtualMemory                                                                             7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!NtLoadDriver                                                                                    7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!NtOpenFile                                                                                      7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!NtProtectVirtualMemory                                                                          7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!NtSetInformationProcess                                                                         7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!NtUnloadDriver                                                                                  7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!NtWriteVirtualMemory                                                                            7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!RtlAllocateHeap                                                                                 7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!LdrLoadDll                                                                                      7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!LdrUnloadDll                                                                                    7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!LdrGetProcedureAddress                                                                          7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!CreateFileA                                                                                  7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!VirtualProtect                                                                               7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!LoadLibraryExW                                                                               7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!LoadLibraryExA                                                                               7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!LoadLibraryA                                                                                 7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!CreateProcessW                                                                               7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!CreateProcessA                                                                               7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!GetProcAddress                                                                               7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!LoadLibraryW                                                                                 7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!GetModuleHandleA                                                                             7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!GetModuleHandleW                                                                             7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!CreateFileW                                                                                  7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!MoveFileWithProgressW                                                                        7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!MoveFileW                                                                                    7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!OpenFile                                                                                     7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!OpenFile + 3                                                                                 7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!CopyFileExW                                                                                  7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!CopyFileA                                                                                    7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!CopyFileW                                                                                    7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!DeleteFileA                                                                                  7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!DeleteFileW                                                                                  7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!MoveFileExW                                                                                  7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!MoveFileA                                                                                    7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!MoveFileWithProgressA                                                                        7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!MoveFileExA                                                                                  7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!CopyFileExA                                                                                  7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!WinExec                                                                                      7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!LoadModule                                                                                   7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] USER32.dll!EndTask                                                                                        7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ADVAPI32.dll!OpenServiceW                                                                                 77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ADVAPI32.dll!OpenServiceA                                                                                 77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ADVAPI32.dll!CreateServiceA                                                                               77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ADVAPI32.dll!CreateServiceW                                                                               77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ole32.dll!CoCreateInstanceEx                                                                              774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] ole32.dll!CoGetClassObject                                                                                775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] WS2_32.dll!WSASocketW                                                                                     71A5404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] WS2_32.dll!WSASocketA                                                                                     71A58B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] SHELL32.dll!ShellExecuteExW                                                                               7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] SHELL32.dll!ShellExecuteEx                                                                                7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] SHELL32.dll!ShellExecuteA                                                                                 7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[2556] SHELL32.dll!ShellExecuteW                                                                                 7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!NtAllocateVirtualMemory                                                               7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!NtClose                                                                               7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!NtCreateFile                                                                          7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!NtCreateProcess                                                                       7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!NtCreateProcessEx                                                                     7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!NtDeleteFile                                                                          7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!NtFreeVirtualMemory                                                                   7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!NtLoadDriver                                                                          7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!NtOpenFile                                                                            7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!NtProtectVirtualMemory                                                                7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!NtSetInformationProcess                                                               7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!NtUnloadDriver                                                                        7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!NtWriteVirtualMemory                                                                  7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!RtlAllocateHeap                                                                       7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!LdrLoadDll                                                                            7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!LdrUnloadDll                                                                          7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ntdll.dll!LdrGetProcedureAddress                                                                7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!CreateFileA                                                                        7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!VirtualProtect                                                                     7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!LoadLibraryExW                                                                     7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!LoadLibraryExA                                                                     7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!LoadLibraryA                                                                       7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!CreateProcessW                                                                     7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!CreateProcessA                                                                     7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!GetProcAddress                                                                     7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!LoadLibraryW                                                                       7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!GetModuleHandleA                                                                   7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!GetModuleHandleW                                                                   7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!CreateFileW                                                                        7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!MoveFileWithProgressW                                                              7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!MoveFileW                                                                          7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!OpenFile                                                                           7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!OpenFile + 3                                                                       7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!CopyFileExW                                                                        7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!CopyFileA                                                                          7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!CopyFileW                                                                          7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!DeleteFileA                                                                        7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!DeleteFileW                                                                        7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!MoveFileExW                                                                        7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!MoveFileA                                                                          7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!MoveFileWithProgressA                                                              7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!MoveFileExA                                                                        7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!CopyFileExA                                                                        7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!WinExec                                                                            7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] kernel32.dll!LoadModule                                                                         7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ADVAPI32.dll!OpenServiceW                                                                       77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ADVAPI32.dll!OpenServiceA                                                                       77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ADVAPI32.dll!CreateServiceA                                                                     77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ADVAPI32.dll!CreateServiceW                                                                     77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] USER32.dll!EndTask                                                                              7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ole32.dll!CoCreateInstanceEx                                                                    774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] ole32.dll!CoGetClassObject                                                                      775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] WS2_32.dll!WSASocketW                                                                           71A5404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] WS2_32.dll!WSASocketA                                                                           71A58B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] SHELL32.dll!ShellExecuteExW                                                                     7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] SHELL32.dll!ShellExecuteEx                                                                      7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] SHELL32.dll!ShellExecuteA                                                                       7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2632] SHELL32.dll!ShellExecuteW                                                                       7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!NtAllocateVirtualMemory                                                        7C90CF50 5 Bytes  JMP 00DF1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!NtClose                                                                        7C90CFD0 5 Bytes  JMP 00DF82B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!NtCreateFile                                                                   7C90D090 5 Bytes  JMP 00DF18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!NtCreateProcess                                                                7C90D130 5 Bytes  JMP 00DF1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!NtCreateProcessEx                                                              7C90D140 5 Bytes  JMP 00DF19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!NtDeleteFile                                                                   7C90D220 5 Bytes  JMP 00DF1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!NtFreeVirtualMemory                                                            7C90D370 5 Bytes  JMP 00DF1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!NtLoadDriver                                                                   7C90D450 5 Bytes  JMP 00DF1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!NtOpenFile                                                                     7C90D580 5 Bytes  JMP 00DF18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!NtProtectVirtualMemory                                                         7C90D6D0 5 Bytes  JMP 00DF1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!NtSetInformationProcess                                                        7C90DC80 5 Bytes  JMP 00DF19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!NtUnloadDriver                                                                 7C90DEA0 5 Bytes  JMP 00DF1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!NtWriteVirtualMemory                                                           7C90DF90 5 Bytes  JMP 00DF18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!KiUserExceptionDispatcher                                                      7C90E45C 7 Bytes  JMP 00DF22D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!RtlAllocateHeap                                                                7C9100A4 5 Bytes  JMP 00DF1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!LdrLoadDll                                                                     7C9163A3 5 Bytes  JMP 00DF4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!LdrUnloadDll                                                                   7C91736B 5 Bytes  JMP 00DF81E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ntdll.dll!LdrGetProcedureAddress                                                         7C917E88 5 Bytes  JMP 00DF19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!CreateFileA                                                                 7C801A28 5 Bytes  JMP 00DF1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!VirtualProtect                                                              7C801AD4 5 Bytes  JMP 00DF1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!LoadLibraryExW                                                              7C801AF5 7 Bytes  JMP 00DF1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!LoadLibraryExA                                                              7C801D53 5 Bytes  JMP 00DF1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!LoadLibraryA                                                                7C801D7B 5 Bytes  JMP 00DF1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!CreateProcessW                                                              7C802336 5 Bytes  JMP 00DF1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!CreateProcessA                                                              7C80236B 5 Bytes  JMP 00DF1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!GetProcAddress                                                              7C80AE30 5 Bytes  JMP 00DF1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!LoadLibraryW                                                                7C80AEDB 5 Bytes  JMP 00DF1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!GetModuleHandleA                                                            7C80B731 5 Bytes  JMP 00DF1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!GetModuleHandleW                                                            7C80E4CD 5 Bytes  JMP 00DF1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!CreateFileW                                                                 7C8107F0 5 Bytes  JMP 00DF1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!MoveFileWithProgressW                                                       7C81F716 5 Bytes  JMP 00DF1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!MoveFileW                                                                   7C821249 5 Bytes  JMP 00DF1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!OpenFile                                                                    7C82196A 2 Bytes  JMP 00DF1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!OpenFile + 3                                                                7C82196D 2 Bytes  [5D, 84]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!CopyFileExW                                                                 7C827B1A 7 Bytes  JMP 00DF1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!CopyFileA                                                                   7C8286D6 5 Bytes  JMP 00DF1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!CopyFileW                                                                   7C82F863 5 Bytes  JMP 00DF1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!DeleteFileA                                                                 7C831EC5 5 Bytes  JMP 00DF1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!DeleteFileW                                                                 7C831F4B 5 Bytes  JMP 00DF1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!MoveFileExW                                                                 7C835673 5 Bytes  JMP 00DF1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!MoveFileA                                                                   7C835EA7 5 Bytes  JMP 00DF1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!MoveFileWithProgressA                                                       7C835EC6 5 Bytes  JMP 00DF1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!MoveFileExA                                                                 7C85E3CB 5 Bytes  JMP 00DF1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!CopyFileExA                                                                 7C85F2CC 5 Bytes  JMP 00DF1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!WinExec                                                                     7C8623AD 5 Bytes  JMP 00DF1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] kernel32.dll!LoadModule                                                                  7C8624BE 5 Bytes  JMP 00DF1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ADVAPI32.dll!OpenServiceW                                                                77DD6FDD 7 Bytes  JMP 00DF1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ADVAPI32.dll!OpenServiceA                                                                77DE4C36 7 Bytes  JMP 00DF1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ADVAPI32.dll!CreateServiceA                                                              77E271E9 7 Bytes  JMP 00DF1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ADVAPI32.dll!CreateServiceW                                                              77E27381 7 Bytes  JMP 00DF1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] WS2_32.dll!WSASocketW                                                                    71A5404E 7 Bytes  JMP 00DF1E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] WS2_32.dll!WSASocketA                                                                    71A58B6A 5 Bytes  JMP 00DF1E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] USER32.dll!EndTask                                                                       7E3AA0A5 5 Bytes  JMP 00DF7E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] SHELL32.dll!ShellExecuteExW                                                              7CA02F03 5 Bytes  JMP 00DF1E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] SHELL32.dll!ShellExecuteEx                                                               7CA40E25 5 Bytes  JMP 00DF1DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] SHELL32.dll!ShellExecuteA                                                                7CA41150 5 Bytes  JMP 00DF1DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] SHELL32.dll!ShellExecuteW                                                                7CAB5BF0 5 Bytes  JMP 00DF1DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ole32.dll!CoCreateInstanceEx                                                             774F0526 5 Bytes  JMP 00DF7BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2856] ole32.dll!CoGetClassObject                                                               775056C5 5 Bytes  JMP 00DF7D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!NtAllocateVirtualMemory                                                                7C90CF50 5 Bytes  JMP 03191950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!NtClose                                                                                7C90CFD0 5 Bytes  JMP 031982B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!NtCreateFile                                                                           7C90D090 5 Bytes  JMP 031918D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!NtCreateProcess                                                                        7C90D130 5 Bytes  JMP 03191890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!NtCreateProcessEx                                                                      7C90D140 5 Bytes  JMP 031919B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!NtDeleteFile                                                                           7C90D220 5 Bytes  JMP 03191910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!NtFreeVirtualMemory                                                                    7C90D370 5 Bytes  JMP 03191A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!NtLoadDriver                                                                           7C90D450 5 Bytes  JMP 03191970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!NtOpenFile                                                                             7C90D580 5 Bytes  JMP 031918F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!NtProtectVirtualMemory                                                                 7C90D6D0 5 Bytes  JMP 03191930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!NtSetInformationProcess                                                                7C90DC80 5 Bytes  JMP 031919D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!NtUnloadDriver                                                                         7C90DEA0 5 Bytes  JMP 03191990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!NtWriteVirtualMemory                                                                   7C90DF90 5 Bytes  JMP 031918B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!RtlAllocateHeap                                                                        7C9100A4 5 Bytes  JMP 03191A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!LdrLoadDll                                                                             7C9163A3 5 Bytes  JMP 03194550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!LdrUnloadDll                                                                           7C91736B 5 Bytes  JMP 031981E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ntdll.dll!LdrGetProcedureAddress                                                                 7C917E88 5 Bytes  JMP 031919F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!CreateFileA                                                                         7C801A28 5 Bytes  JMP 03191B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!VirtualProtect                                                                      7C801AD4 5 Bytes  JMP 03191D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!LoadLibraryExW                                                                      7C801AF5 7 Bytes  JMP 03191AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!LoadLibraryExA                                                                      7C801D53 5 Bytes  JMP 03191AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!LoadLibraryA                                                                        7C801D7B 5 Bytes  JMP 03191D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!CreateProcessW                                                                      7C802336 5 Bytes  JMP 03191A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!CreateProcessA                                                                      7C80236B 5 Bytes  JMP 03191A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!GetProcAddress                                                                      7C80AE30 5 Bytes  JMP 03191A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!LoadLibraryW                                                                        7C80AEDB 5 Bytes  JMP 03191D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!GetModuleHandleA                                                                    7C80B731 5 Bytes  JMP 03191CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!GetModuleHandleW                                                                    7C80E4CD 5 Bytes  JMP 03191D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!CreateFileW                                                                         7C8107F0 5 Bytes  JMP 03191B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!MoveFileWithProgressW                                                               7C81F716 5 Bytes  JMP 03191C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!MoveFileW                                                                           7C821249 5 Bytes  JMP 03191C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!OpenFile                                                                            7C82196A 2 Bytes  JMP 03191B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!OpenFile + 3                                                                        7C82196D 2 Bytes  [97, 86]
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!CopyFileExW                                                                         7C827B1A 7 Bytes  JMP 03191BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!CopyFileA                                                                           7C8286D6 5 Bytes  JMP 03191B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!CopyFileW                                                                           7C82F863 5 Bytes  JMP 03191B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!DeleteFileA                                                                         7C831EC5 5 Bytes  JMP 03191CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!DeleteFileW                                                                         7C831F4B 5 Bytes  JMP 03191CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!MoveFileExW                                                                         7C835673 5 Bytes  JMP 03191C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!MoveFileA                                                                           7C835EA7 5 Bytes  JMP 03191BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!MoveFileWithProgressA                                                               7C835EC6 5 Bytes  JMP 03191C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!MoveFileExA                                                                         7C85E3CB 5 Bytes  JMP 03191C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!CopyFileExA                                                                         7C85F2CC 5 Bytes  JMP 03191BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!WinExec                                                                             7C8623AD 5 Bytes  JMP 03191D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] kernel32.dll!LoadModule                                                                          7C8624BE 5 Bytes  JMP 03191AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] USER32.dll!EndTask                                                                               7E3AA0A5 5 Bytes  JMP 03197E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ole32.dll!CoCreateInstanceEx                                                                     774F0526 5 Bytes  JMP 03197BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ole32.dll!CoGetClassObject                                                                       775056C5 5 Bytes  JMP 03197D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ADVAPI32.dll!OpenServiceW                                                                        77DD6FDD 7 Bytes  JMP 03191480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ADVAPI32.dll!OpenServiceA                                                                        77DE4C36 7 Bytes  JMP 03191640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ADVAPI32.dll!CreateServiceA                                                                      77E271E9 7 Bytes  JMP 03191000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] ADVAPI32.dll!CreateServiceW                                                                      77E27381 7 Bytes  JMP 03191250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] SHELL32.dll!ShellExecuteExW                                                                      7CA02F03 5 Bytes  JMP 03191E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] SHELL32.dll!ShellExecuteEx                                                                       7CA40E25 5 Bytes  JMP 03191DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] SHELL32.dll!ShellExecuteA                                                                        7CA41150 5 Bytes  JMP 03191DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] SHELL32.dll!ShellExecuteW                                                                        7CAB5BF0 5 Bytes  JMP 03191DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] WS2_32.dll!WSASocketW                                                                            71A5404E 7 Bytes  JMP 03191E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] WS2_32.dll!WSASocketA                                                                            71A58B6A 5 Bytes  JMP 03191E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] WININET.dll!InternetConnectA                                                                     771B3452 5 Bytes  JMP 03191E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Gadu-Gadu 10\gg.exe[3368] WININET.dll!InternetConnectW                                                                     771BEE00 5 Bytes  JMP 03191E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!NtAllocateVirtualMemory                                                                     7C90CF50 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!NtClose                                                                                     7C90CFD0 5 Bytes  JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!NtCreateFile                                                                                7C90D090 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!NtCreateProcess                                                                             7C90D130 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!NtCreateProcessEx                                                                           7C90D140 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!NtDeleteFile                                                                                7C90D220 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!NtFreeVirtualMemory                                                                         7C90D370 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!NtLoadDriver                                                                                7C90D450 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!NtOpenFile                                                                                  7C90D580 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!NtProtectVirtualMemory                                                                      7C90D6D0 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!NtSetInformationProcess                                                                     7C90DC80 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!NtUnloadDriver                                                                              7C90DEA0 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!NtWriteVirtualMemory                                                                        7C90DF90 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!RtlAllocateHeap                                                                             7C9100A4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!LdrLoadDll                                                                                  7C9163A3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!LdrUnloadDll                                                                                7C91736B 5 Bytes  JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ntdll.dll!LdrGetProcedureAddress                                                                      7C917E88 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!CreateFileA                                                                              7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!VirtualProtect                                                                           7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!LoadLibraryExW                                                                           7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!LoadLibraryExA                                                                           7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!LoadLibraryA                                                                             7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!CreateProcessW                                                                           7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!CreateProcessA                                                                           7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!GetProcAddress                                                                           7C80AE30 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!LoadLibraryW                                                                             7C80AEDB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!GetModuleHandleA                                                                         7C80B731 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!GetModuleHandleW                                                                         7C80E4CD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!CreateFileW                                                                              7C8107F0 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!MoveFileWithProgressW                                                                    7C81F716 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!MoveFileW                                                                                7C821249 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!OpenFile                                                                                 7C82196A 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!OpenFile + 3                                                                             7C82196D 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!CopyFileExW                                                                              7C827B1A 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!CopyFileA                                                                                7C8286D6 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!CopyFileW                                                                                7C82F863 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!DeleteFileA                                                                              7C831EC5 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!DeleteFileW                                                                              7C831F4B 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!MoveFileExW                                                                              7C835673 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!MoveFileA                                                                                7C835EA7 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!MoveFileWithProgressA                                                                    7C835EC6 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!MoveFileExA                                                                              7C85E3CB 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!CopyFileExA                                                                              7C85F2CC 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!WinExec                                                                                  7C8623AD 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] kernel32.dll!LoadModule                                                                               7C8624BE 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] USER32.dll!EndTask                                                                                    7E3AA0A5 5 Bytes  JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ADVAPI32.dll!OpenServiceW                                                                             77DD6FDD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ADVAPI32.dll!OpenServiceA                                                                             77DE4C36 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ADVAPI32.dll!CreateServiceA                                                                           77E271E9 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ADVAPI32.dll!CreateServiceW                                                                           77E27381 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ole32.dll!CoCreateInstanceEx                                                                          774F0526 5 Bytes  JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] ole32.dll!CoGetClassObject                                                                            775056C5 5 Bytes  JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] WS2_32.dll!WSASocketW                                                                                 71A5404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] WS2_32.dll!WSASocketA                                                                                 71A58B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] SHELL32.dll!ShellExecuteExW                                                                           7CA02F03 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] SHELL32.dll!ShellExecuteEx                                                                            7CA40E25 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] SHELL32.dll!ShellExecuteA                                                                             7CA41150 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wuauclt.exe[3800] SHELL32.dll!ShellExecuteW                                                                             7CAB5BF0 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter]                                                                         [B7E216E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]                                                                          [B7E217B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                   [B7E21780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol]                                                                     [B7E21740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                                                    [B7E21740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                                                         [B7E217B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                                                        [B7E216E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                  [B7E21780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                    [B7E21780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]                                                                      [B7E21740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                                                                           [B7E217B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]                                                                          [B7E216E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                                                     [B7E21740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                                                   [B7E21780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                                                         [B7E216E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                                                          [B7E217B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                                                           [B7E216E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                                                            [B7E217B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                                                       [B7E21740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                    [B7E21780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                                                                      [B7E21740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                                                           [B7E217B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                                                                          [B7E216E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                                                                     [B7E21740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                   [B7E21780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                                                         [B7E216E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                                                          [B7E217B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]             [00618260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread]               [00617B70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA]           [006182B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]               [006181D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]               [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]             [00618340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                 [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                 [006181D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]               [00618340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread]                 [00617B70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]                [006181D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]              [00618340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]               [00618340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                 [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA]             [006182B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread]                 [00617B70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress]             [00618340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA]               [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]               [00618340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                 [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread]                 [00617B70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA]            [006182B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA]                [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread]                [00617B70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress]              [00618340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteObject]                   [006172F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA]            [006182B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                [006181D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]              [00618340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread]                [00617B70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]              [00618260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA]              [00618210] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx]            [00617FB0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA]                [006176D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSystemMetrics]              [00617D80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor]                   [006172A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW]                [00617760] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW]                [00617CC0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush]              [00617330] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!FillRect]                      [006180C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl]              [00618130] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge]                      [00618110] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW]         [00617EA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo]                 [00617520] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW]               [00617590] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo]                 [00617410] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject]                   [006172F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA]            [006182B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]              [00618210] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]              [00618260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                [006181D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                [00617B70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]              [00618340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA]                [006176D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW]                [00617760] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor]                   [006172A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA]                [00617C00] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW]                [00617CC0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW]         [00617EA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW]               [00617590] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA]               [00617630] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics]              [00617D80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject]                     [006172F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                [00618340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                  [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                  [006181D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread]                  [00617B70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                [00618260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA]                [00618210] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SystemParametersInfoW]           [00617EA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSystemMetrics]                [00617D80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor]                     [006172A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW]                 [00617590] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW]                  [00617CC0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW]                  [00617760] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW]               [006181D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA]               [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress]             [00618340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread]               [00617B70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]              [00618340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]                [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA]              [00618210] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW]              [00618260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread]                [00617B70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA]            [006182B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!GetSystemMetrics]              [00617D80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA]                  [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT             C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2040] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress]                [00618340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                      eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                    cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                   cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                   cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                 cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                         0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                         0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                      0x7C 0x1A 0x96 0x88 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC.REN                                                        
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                        
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                             0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                             0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                          0x7C 0x1A 0x96 0x88 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC.REN (not active ControlSet)                                    
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                        
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                             0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                             0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                          0x7C 0x1A 0x96 0x88 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC.REN (not active ControlSet)                                    
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\OpenWithProgids@lŮ\x81\1\x2d9\x2d9\x2d9\16xÍS\23zÍS\23,>\xb6\0\3      
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids@lŮ\x81\1\x2d9\x2d9\x2d9\16xÍS\23`Ă&\1,>\xb6\0\3       
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\OpenWithProgids@lŮ\x81\1\x2d9\x2d9\x2d9\16xÍS\23zÍS\23,>\xb6\0\3     
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\OpenWithProgids@lŮ\x81\1\x2d9\x2d9\x2d9\16xÍS\23zÍS\23,>\xb6\0\3      
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids@lŮ\x81\1\x2d9\x2d9\x2d9\16xÍS\23\x20acgP\2,>\xb6\0\3  

---- Files - GMER 1.0.15 ----

File            C:\Program Files\COMODO\COMODO Internet Security\Quarantine\exe6198.tmp                                                                     21504 bytes executable
File            C:\Program Files\COMODO\COMODO Internet Security\Quarantine\exe6198.tmp.info                                                                254 bytes
File            C:\Program Files\COMODO\COMODO Internet Security\Quarantine\is-G2R93.tmp                                                                    291840 bytes
File            C:\Program Files\COMODO\COMODO Internet Security\Quarantine\is-G2R93.tmp.info                                                               242 bytes
File            C:\Program Files\COMODO\COMODO Internet Security\Quarantine\is-T0KJ5.tmp                                                                    291840 bytes
File            C:\Program Files\COMODO\COMODO Internet Security\Quarantine\is-T0KJ5.tmp.info                                                               242 bytes
File            C:\Program Files\COMODO\COMODO Internet Security\Quarantine\is-UT04L.tmp                                                                    291840 bytes
File            C:\Program Files\COMODO\COMODO Internet Security\Quarantine\is-UT04L.tmp.info                                                               242 bytes
File            C:\Program Files\COMODO\COMODO Internet Security\Quarantine\playlist[1].exe                                                                 21504 bytes executable
File            C:\Program Files\COMODO\COMODO Internet Security\Quarantine\playlist[1].exe.info                                                            154 bytes
File            C:\WINDOWS\temp\HTTA0C.tmp                                                                                                                  2097152 bytes

---- EOF - GMER 1.0.15 ----


Użytkownik kuba206 edytował ten post 17 05 2010 - 00:51

  • 0

#12 ordynat

ordynat

    Zaawansowany użytkownik

  • 804 postów

Napisano 17 05 2010 - 09:59

C:\WINDOWS\temp\HTTA0C.tmp
C:\Program Files\Vtune\TBPanel.exe[212] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[176] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[408] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[484] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
C:\Program Files\Java\jre6\bin\jqs.exe[516] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
C:\WINDOWS\system32\nvsvc32.exe[540] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
C:\WINDOWS\system32\HPZipm12.exe[552] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
C:\WINDOWS\system32\services.exe[812] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
C:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
C:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
C:\WINDOWS\RTHDCPL.EXE[1980] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
C:\WINDOWS\system32\RUNDLL32.EXE[2016] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2028] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
C:\WINDOWS\system32\wbem\wmiapsrv.exe[2368] kernel32.dll!OpenFile + 3 7C82196D 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}



Nie ma żadnego Rootkita.
Są co prawda jakieś tajemnicze wpisy, podczepione pod wszystkie ważne procesy, ale zostawiam to w spokoju, bo sam nie wiem, co to jest.
.

Użytkownik ordynat edytował ten post 17 05 2010 - 10:02

  • 0

#13 kuba206

kuba206

    Obserwator

  • 8 postów

Napisano 17 05 2010 - 17:27

a te podczepione wpisy mozna jakoś usunąć ? zrobie przed usunięciem kopie zapasową więc jak by sie coś popsuło to zgram i bd jak dawniej.
tylko jak usunąć te dodatkowe wpisy ?
  • 0

#14 ordynat

ordynat

    Zaawansowany użytkownik

  • 804 postów

Napisano 17 05 2010 - 18:22

a te podczepione wpisy mozna jakoś usunąć ? zrobie przed usunięciem kopie zapasową więc jak by sie coś popsuło to zgram i bd jak dawniej.
tylko jak usunąć te dodatkowe wpisy ?

W tym problem, że nie wiadomo, co to jest, więc nie wiem, jak ewentualnie to usunąć. Nie jest to plik. Strumień ADS też chyba nie, bo ComboFix raczej by go wykrył; chyba, że to jakaś nowa wersja strumienii.
Nawet nie wiemy, czy to jest "dobre", czy "złe".
Patrzyłem w necie: były już takie przypadki, ale nikt tego nie usuwał. Więc być może to jest nieszkodliwe? Tym bardziej, że te wszystkie przypadki występowały jednocześnie z COMODO. Może to jakiś "trick" tego COMODO?
Naprawdę nie wiem.
.
.
  • 0

#15 kuba206

kuba206

    Obserwator

  • 8 postów

Napisano 17 05 2010 - 18:25

ok thx za wielką pomoc :P
to w takim razie pewnie od comodo te bo on filtruje wszystkie połączenia wiec moze dopisał B)
thx raz jeszcze
pozdro

  • 0




Użytkownicy przeglądający ten temat: 0

0 użytkowników, 0 gości, 0 anonimowych